From 6e747259ae71ae51e1589c8c38f7755c0b97f190 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Tama?= <j.tama@groupeonepoint.com>
Date: Wed, 10 May 2023 10:51:37 +0200
Subject: [PATCH 1/3] Initial OIDC support (#15417)

* Initial OIDC support

* Removes 'println'
Changes OIDC to OpenIdConnect
Adds generated files

* fix rebase errors
---
 docs/generators/apex.md                       |  2 +-
 docs/generators/cpp-tiny.md                   |  2 +-
 docs/generators/cpp-ue4.md                    |  2 +-
 docs/generators/fsharp-giraffe-server.md      |  2 +-
 .../javascript-apollo-deprecated.md           |  2 +-
 docs/generators/javascript-closure-angular.md |  2 +-
 docs/generators/javascript.md                 |  2 +-
 docs/generators/jetbrains-http-client.md      |  2 +-
 docs/generators/julia-client.md               |  2 +-
 docs/generators/julia-server.md               |  2 +-
 docs/generators/k6.md                         |  2 +-
 docs/generators/markdown.md                   |  2 +-
 docs/generators/plantuml.md                   |  2 +-
 docs/generators/python-fastapi.md             |  2 +-
 docs/generators/python-flask.md               |  2 +-
 docs/generators/swift5.md                     |  2 +-
 docs/generators/wsdl-schema.md                |  2 +-
 docs/generators/xojo-client.md                |  2 +-
 .../openapitools/codegen/CodegenSecurity.java |  5 +-
 .../openapitools/codegen/DefaultCodegen.java  | 55 +++++++++----------
 .../codegen/DefaultGenerator.java             | 32 ++++++++++-
 .../codegen/utils/ProcessUtils.java           | 55 +++++++++++++++++++
 22 files changed, 134 insertions(+), 49 deletions(-)

diff --git a/docs/generators/apex.md b/docs/generators/apex.md
index 521e492c35b..95025c738b9 100644
--- a/docs/generators/apex.md
+++ b/docs/generators/apex.md
@@ -290,7 +290,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3
diff --git a/docs/generators/cpp-tiny.md b/docs/generators/cpp-tiny.md
index 35381b175e8..ed093f56316 100644
--- a/docs/generators/cpp-tiny.md
+++ b/docs/generators/cpp-tiny.md
@@ -247,7 +247,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3
diff --git a/docs/generators/cpp-ue4.md b/docs/generators/cpp-ue4.md
index 430558ba9e2..b55a4868844 100644
--- a/docs/generators/cpp-ue4.md
+++ b/docs/generators/cpp-ue4.md
@@ -258,7 +258,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3
diff --git a/docs/generators/fsharp-giraffe-server.md b/docs/generators/fsharp-giraffe-server.md
index 76ae8165b16..a1090ad0a7c 100644
--- a/docs/generators/fsharp-giraffe-server.md
+++ b/docs/generators/fsharp-giraffe-server.md
@@ -305,7 +305,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3
diff --git a/docs/generators/javascript-apollo-deprecated.md b/docs/generators/javascript-apollo-deprecated.md
index 26948b3b3fa..88b3a3cae17 100644
--- a/docs/generators/javascript-apollo-deprecated.md
+++ b/docs/generators/javascript-apollo-deprecated.md
@@ -258,7 +258,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3
diff --git a/docs/generators/javascript-closure-angular.md b/docs/generators/javascript-closure-angular.md
index baf0382872d..e9c940e9ddc 100644
--- a/docs/generators/javascript-closure-angular.md
+++ b/docs/generators/javascript-closure-angular.md
@@ -204,7 +204,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3
diff --git a/docs/generators/javascript.md b/docs/generators/javascript.md
index 3e04e8ee7b7..748030ad44e 100644
--- a/docs/generators/javascript.md
+++ b/docs/generators/javascript.md
@@ -259,7 +259,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3
diff --git a/docs/generators/jetbrains-http-client.md b/docs/generators/jetbrains-http-client.md
index 829686878d1..b7672a75814 100644
--- a/docs/generators/jetbrains-http-client.md
+++ b/docs/generators/jetbrains-http-client.md
@@ -151,7 +151,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3
diff --git a/docs/generators/julia-client.md b/docs/generators/julia-client.md
index 6d6e69d03e5..a09cd1d2eb9 100644
--- a/docs/generators/julia-client.md
+++ b/docs/generators/julia-client.md
@@ -203,7 +203,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✗|OAS2,OAS3
 |OAuth2_Password|✗|OAS2,OAS3
diff --git a/docs/generators/julia-server.md b/docs/generators/julia-server.md
index 62bf7035c23..2c8899c1c5b 100644
--- a/docs/generators/julia-server.md
+++ b/docs/generators/julia-server.md
@@ -202,7 +202,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✗|OAS2,OAS3
 |OAuth2_Password|✗|OAS2,OAS3
diff --git a/docs/generators/k6.md b/docs/generators/k6.md
index e8574baee66..66177895183 100644
--- a/docs/generators/k6.md
+++ b/docs/generators/k6.md
@@ -151,7 +151,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3
diff --git a/docs/generators/markdown.md b/docs/generators/markdown.md
index e3dbfbaff41..eaabaee6e8d 100644
--- a/docs/generators/markdown.md
+++ b/docs/generators/markdown.md
@@ -168,7 +168,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3
diff --git a/docs/generators/plantuml.md b/docs/generators/plantuml.md
index b1af2d30537..a98a7dd7c39 100644
--- a/docs/generators/plantuml.md
+++ b/docs/generators/plantuml.md
@@ -150,7 +150,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3
diff --git a/docs/generators/python-fastapi.md b/docs/generators/python-fastapi.md
index 20cd0ab9e82..11f2f2dc99c 100644
--- a/docs/generators/python-fastapi.md
+++ b/docs/generators/python-fastapi.md
@@ -217,7 +217,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3
diff --git a/docs/generators/python-flask.md b/docs/generators/python-flask.md
index d7f3df3f22f..ca2cebc91cd 100644
--- a/docs/generators/python-flask.md
+++ b/docs/generators/python-flask.md
@@ -223,7 +223,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3
diff --git a/docs/generators/swift5.md b/docs/generators/swift5.md
index 7a87a498db4..215d669df58 100644
--- a/docs/generators/swift5.md
+++ b/docs/generators/swift5.md
@@ -339,7 +339,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3
diff --git a/docs/generators/wsdl-schema.md b/docs/generators/wsdl-schema.md
index 08ba6899a19..edc5a175056 100644
--- a/docs/generators/wsdl-schema.md
+++ b/docs/generators/wsdl-schema.md
@@ -156,7 +156,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3
diff --git a/docs/generators/xojo-client.md b/docs/generators/xojo-client.md
index 8618a613b62..394e6a868ff 100644
--- a/docs/generators/xojo-client.md
+++ b/docs/generators/xojo-client.md
@@ -281,7 +281,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3
diff --git a/modules/openapi-generator/src/main/java/org/openapitools/codegen/CodegenSecurity.java b/modules/openapi-generator/src/main/java/org/openapitools/codegen/CodegenSecurity.java
index 1f014513ea4..0d70d5f1917 100644
--- a/modules/openapi-generator/src/main/java/org/openapitools/codegen/CodegenSecurity.java
+++ b/modules/openapi-generator/src/main/java/org/openapitools/codegen/CodegenSecurity.java
@@ -59,6 +59,7 @@ public class CodegenSecurity {
         filteredSecurity.isBasicBearer = isBasicBearer;
         filteredSecurity.isApiKey = isApiKey;
         filteredSecurity.isOAuth = isOAuth;
+        filteredSecurity.isOpenId = isOpenId;
         filteredSecurity.keyParamName = keyParamName;
         filteredSecurity.isCode = isCode;
         filteredSecurity.isImplicit = isImplicit;
@@ -103,6 +104,7 @@ public class CodegenSecurity {
                 Objects.equals(scheme, that.scheme) &&
                 Objects.equals(isBasic, that.isBasic) &&
                 Objects.equals(isOAuth, that.isOAuth) &&
+                Objects.equals(isOpenId, that.isOpenId) &&
                 Objects.equals(isApiKey, that.isApiKey) &&
                 Objects.equals(isBasicBasic, that.isBasicBasic) &&
                 Objects.equals(isHttpSignature, that.isHttpSignature) &&
@@ -128,7 +130,7 @@ public class CodegenSecurity {
     @Override
     public int hashCode() {
 
-        return Objects.hash(name, description, type, scheme, isBasic, isOAuth, isApiKey,
+        return Objects.hash(name, description, type, scheme, isBasic, isOAuth, isOpenId, isApiKey,
                 isBasicBasic, isHttpSignature, isBasicBearer, bearerFormat, vendorExtensions,
                 keyParamName, isKeyInQuery, isKeyInHeader, isKeyInCookie, flow,
                 authorizationUrl, tokenUrl, refreshUrl, scopes, isCode, isPassword, isApplication, isImplicit,
@@ -144,6 +146,7 @@ public class CodegenSecurity {
         sb.append(", scheme='").append(scheme).append('\'');
         sb.append(", isBasic=").append(isBasic);
         sb.append(", isOAuth=").append(isOAuth);
+        sb.append(", isOpenIdConnect=").append(isOpenId);
         sb.append(", isApiKey=").append(isApiKey);
         sb.append(", isBasicBasic=").append(isBasicBasic);
         sb.append(", isHttpSignature=").append(isHttpSignature);
diff --git a/modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultCodegen.java b/modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultCodegen.java
index f63104a2897..3a3d08c9fc4 100644
--- a/modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultCodegen.java
+++ b/modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultCodegen.java
@@ -42,7 +42,6 @@ import io.swagger.v3.oas.models.security.SecurityScheme;
 import io.swagger.v3.oas.models.servers.Server;
 import io.swagger.v3.oas.models.servers.ServerVariable;
 import io.swagger.v3.parser.util.SchemaTypeUtil;
-import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.tuple.Pair;
 import org.apache.commons.text.StringEscapeUtils;
@@ -78,24 +77,6 @@ import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
-import io.swagger.v3.core.util.Json;
-import io.swagger.v3.oas.models.OpenAPI;
-import io.swagger.v3.oas.models.Operation;
-import io.swagger.v3.oas.models.PathItem;
-import io.swagger.v3.oas.models.callbacks.Callback;
-import io.swagger.v3.oas.models.examples.Example;
-import io.swagger.v3.oas.models.headers.Header;
-import io.swagger.v3.oas.models.media.*;
-import io.swagger.v3.oas.models.parameters.*;
-import io.swagger.v3.oas.models.responses.ApiResponse;
-import io.swagger.v3.oas.models.responses.ApiResponses;
-import io.swagger.v3.oas.models.security.OAuthFlow;
-import io.swagger.v3.oas.models.security.OAuthFlows;
-import io.swagger.v3.oas.models.security.SecurityScheme;
-import io.swagger.v3.oas.models.servers.Server;
-import io.swagger.v3.oas.models.servers.ServerVariable;
-import io.swagger.v3.parser.util.SchemaTypeUtil;
-
 import static org.openapitools.codegen.CodegenConstants.UNSUPPORTED_V310_SPEC_MSG;
 import static org.openapitools.codegen.utils.OnceLogger.once;
 import static org.openapitools.codegen.utils.StringUtils.*;
@@ -148,8 +129,8 @@ public class DefaultCodegen implements CodegenConfig {
                 .includeSecurityFeatures(
                         SecurityFeature.BasicAuth, SecurityFeature.ApiKey, SecurityFeature.BearerToken,
                         SecurityFeature.OAuth2_Implicit, SecurityFeature.OAuth2_Password,
-                        SecurityFeature.OAuth2_ClientCredentials, SecurityFeature.OAuth2_AuthorizationCode
-                        // OpenIDConnect not yet supported
+                        SecurityFeature.OAuth2_ClientCredentials, SecurityFeature.OAuth2_AuthorizationCode,
+                        SecurityFeature.OpenIDConnect
                 )
                 .includeWireFormatFeatures(
                         WireFormatFeature.JSON, WireFormatFeature.XML
@@ -5293,7 +5274,7 @@ public class DefaultCodegen implements CodegenConfig {
             final SecurityScheme securityScheme = securitySchemeMap.get(key);
             if (SecurityScheme.Type.APIKEY.equals(securityScheme.getType())) {
                 final CodegenSecurity cs = defaultCodegenSecurity(key, securityScheme);
-                cs.isBasic = cs.isOAuth = false;
+                cs.isBasic = cs.isOAuth = cs.isOpenId = false;
                 cs.isApiKey = true;
                 cs.keyParamName = securityScheme.getName();
                 cs.isKeyInHeader = securityScheme.getIn() == SecurityScheme.In.HEADER;
@@ -5302,7 +5283,7 @@ public class DefaultCodegen implements CodegenConfig {
                 codegenSecurities.add(cs);
             } else if (SecurityScheme.Type.HTTP.equals(securityScheme.getType())) {
                 final CodegenSecurity cs = defaultCodegenSecurity(key, securityScheme);
-                cs.isKeyInHeader = cs.isKeyInQuery = cs.isKeyInCookie = cs.isApiKey = cs.isOAuth = false;
+                cs.isKeyInHeader = cs.isKeyInQuery = cs.isKeyInCookie = cs.isApiKey = cs.isOAuth = cs.isOpenId = false;
                 cs.isBasic = true;
                 if ("basic".equalsIgnoreCase(securityScheme.getScheme())) {
                     cs.isBasicBasic = true;
@@ -5321,11 +5302,6 @@ public class DefaultCodegen implements CodegenConfig {
                     once(LOGGER).warn("Unknown scheme `{}` found in the HTTP security definition.", securityScheme.getScheme());
                 }
                 codegenSecurities.add(cs);
-            } else if (SecurityScheme.Type.OPENIDCONNECT.equals(securityScheme.getType())) {
-                final CodegenSecurity cs = defaultCodegenSecurity(key, securityScheme);
-                cs.isOpenId = true;
-                cs.openIdConnectUrl = securityScheme.getOpenIdConnectUrl();
-                codegenSecurities.add(cs);
             } else if (SecurityScheme.Type.OAUTH2.equals(securityScheme.getType())) {
                 final OAuthFlows flows = securityScheme.getFlows();
                 boolean isFlowEmpty = true;
@@ -5368,6 +5344,15 @@ public class DefaultCodegen implements CodegenConfig {
                 if (isFlowEmpty) {
                     once(LOGGER).error("Invalid flow definition defined in the security scheme: {}", flows);
                 }
+            } else if (SecurityScheme.Type.OPENIDCONNECT.equals(securityScheme.getType())) {
+                final CodegenSecurity cs = defaultCodegenSecurity(key, securityScheme);
+                cs.isKeyInHeader = cs.isKeyInQuery = cs.isKeyInCookie = cs.isApiKey = cs.isBasic = false;
+                cs.isOpenId = true;
+                cs.openIdConnectUrl = securityScheme.getOpenIdConnectUrl();
+                if (securityScheme.getFlows() != null) {
+                    setOpenIdConnectInfo(cs, securityScheme.getFlows().getAuthorizationCode());
+                }
+                codegenSecurities.add(cs);
             } else {
                 once(LOGGER).error("Unknown type `{}` found in the security definition `{}`.", securityScheme.getType(), securityScheme.getName());
             }
@@ -5393,7 +5378,7 @@ public class DefaultCodegen implements CodegenConfig {
 
     private CodegenSecurity defaultOauthCodegenSecurity(String key, SecurityScheme securityScheme) {
         final CodegenSecurity cs = defaultCodegenSecurity(key, securityScheme);
-        cs.isKeyInHeader = cs.isKeyInQuery = cs.isKeyInCookie = cs.isApiKey = cs.isBasic = false;
+        cs.isKeyInHeader = cs.isKeyInQuery = cs.isKeyInCookie = cs.isApiKey = cs.isBasic = cs.isOpenId = false;
         cs.isOAuth = true;
         return cs;
     }
@@ -6618,6 +6603,18 @@ public class DefaultCodegen implements CodegenConfig {
         }
     }
 
+    private void setOpenIdConnectInfo(CodegenSecurity codegenSecurity, OAuthFlow flow) {
+        if (flow.getScopes() != null && !flow.getScopes().isEmpty()) {
+            List<Map<String, Object>> scopes = new ArrayList<>();
+            for (Map.Entry<String, String> scopeEntry : flow.getScopes().entrySet()) {
+                Map<String, Object> scope = new HashMap<>();
+                scope.put("scope", scopeEntry.getKey());
+                scopes.add(scope);
+            }
+            codegenSecurity.scopes = scopes;
+        }
+    }
+
     private void addConsumesInfo(Operation operation, CodegenOperation codegenOperation) {
         RequestBody requestBody = ModelUtils.getReferencedRequestBody(this.openAPI, operation.getRequestBody());
         if (requestBody == null || requestBody.getContent() == null || requestBody.getContent().isEmpty()) {
diff --git a/modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultGenerator.java b/modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultGenerator.java
index da2009cbc18..a4f265e2097 100644
--- a/modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultGenerator.java
+++ b/modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultGenerator.java
@@ -882,6 +882,10 @@ public class DefaultGenerator implements Generator {
                 bundle.put("hasOAuthMethods", true);
                 bundle.put("oauthMethods", ProcessUtils.getOAuthMethods(authMethods));
             }
+            if (ProcessUtils.hasOpenIdConnectMethods(authMethods)) {
+                bundle.put("hasOpenIdConnectMethods", true);
+                bundle.put("openIdConnectMethods", ProcessUtils.getOpenIdConnectMethods(authMethods));
+            }
             if (ProcessUtils.hasHttpBearerMethods(authMethods)) {
                 bundle.put("hasHttpBearerMethods", true);
                 bundle.put("httpBearerMethods", ProcessUtils.getHttpBearerMethods(authMethods));
@@ -1296,7 +1300,7 @@ public class DefaultGenerator implements Generator {
      */
     private Set<Map<String, String>> toImportsObjects(Map<String, String> mappedImports) {
         Set<Map<String, String>> result = new TreeSet<>(
-            Comparator.comparing(o -> o.get("classname"))
+                Comparator.comparing(o -> o.get("classname"))
         );
 
         mappedImports.forEach((key, value) -> {
@@ -1409,6 +1413,32 @@ public class DefaultGenerator implements Generator {
                         }
 
                         authMethods.put(key, oauthUpdatedScheme);
+                    } else if (securityScheme.getType().equals(SecurityScheme.Type.OPENIDCONNECT)) {
+                        // Security scheme only allows to add scope in Flows, so randomly using authorization code flow
+                        OAuthFlows openIdConnectUpdatedFlows = new OAuthFlows();
+                        OAuthFlow flow = new OAuthFlow();
+                        Scopes flowScopes = new Scopes();
+                        securities.stream()
+                                .map(secReq -> secReq.get(key))
+                                .filter(Objects::nonNull)
+                                .flatMap(List::stream)
+                                .forEach(value -> flowScopes.put(value, value));
+                        flow.scopes(flowScopes);
+                        openIdConnectUpdatedFlows.authorizationCode(flow);
+
+                        SecurityScheme openIdConnectUpdatedScheme = new SecurityScheme()
+                                .type(securityScheme.getType())
+                                .description(securityScheme.getDescription())
+                                .name(securityScheme.getName())
+                                .$ref(securityScheme.get$ref())
+                                .in(securityScheme.getIn())
+                                .scheme(securityScheme.getScheme())
+                                .bearerFormat(securityScheme.getBearerFormat())
+                                .openIdConnectUrl(securityScheme.getOpenIdConnectUrl())
+                                .extensions(securityScheme.getExtensions())
+                                .flows(openIdConnectUpdatedFlows);
+
+                        authMethods.put(key, openIdConnectUpdatedScheme);
                     } else {
                         authMethods.put(key, securityScheme);
                     }
diff --git a/modules/openapi-generator/src/main/java/org/openapitools/codegen/utils/ProcessUtils.java b/modules/openapi-generator/src/main/java/org/openapitools/codegen/utils/ProcessUtils.java
index 724db194867..893cf31332e 100644
--- a/modules/openapi-generator/src/main/java/org/openapitools/codegen/utils/ProcessUtils.java
+++ b/modules/openapi-generator/src/main/java/org/openapitools/codegen/utils/ProcessUtils.java
@@ -241,6 +241,61 @@ public class ProcessUtils {
         return false;
     }
 
+    /**
+     * Returns true if the specified OAS model has at least one operation with OpenIdConnect authentication.
+     *
+     * @param openAPI An instance of OpenAPI
+     * @return True if at least one operation has OpenIdConnect security scheme defined
+     */
+    public static boolean hasOpenIdConnectMethods(OpenAPI openAPI) {
+        final Map<String, SecurityScheme> securitySchemes = getSecuritySchemes(openAPI);
+        if (securitySchemes != null) {
+            for (Map.Entry<String, SecurityScheme> scheme : securitySchemes.entrySet()) {
+                if (SecurityScheme.Type.OPENIDCONNECT.equals(scheme.getValue().getType())) {
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Returns a list of OpenIdConnect Codegen security objects
+     *
+     * @param authMethods List of auth methods.
+     * @return A list of OpenIdConnect Codegen security objects
+     */
+    public static List<CodegenSecurity> getOpenIdConnectMethods(List<CodegenSecurity> authMethods) {
+        List<CodegenSecurity> oauthMethods = new ArrayList<>();
+
+        for (CodegenSecurity cs : authMethods) {
+            if (Boolean.TRUE.equals(cs.isOpenId)) {
+                oauthMethods.add(cs);
+            }
+        }
+
+        return oauthMethods;
+    }
+
+    /**
+     * Returns a list of OpenIdConnect Codegen security objects
+     *
+     * @param authMethods List of auth methods.
+     * @return A list of OpenIdConnect Codegen security objects
+     */
+    public static boolean hasOpenIdConnectMethods(List<CodegenSecurity> authMethods) {
+
+        for (CodegenSecurity cs : authMethods) {
+            if (Boolean.TRUE.equals(cs.isOpenId)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+
     /**
      * Returns true if the specified OAS model has at least one operation with HTTP bearer authentication.
      *

From edc589ac81e6333581871a2686e8396d53b9f30f Mon Sep 17 00:00:00 2001
From: William Cheng <wing328hk@gmail.com>
Date: Wed, 10 May 2023 17:08:48 +0800
Subject: [PATCH 2/3] update doc

---
 docs/generators/n4js.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/generators/n4js.md b/docs/generators/n4js.md
index 0f3ca63680f..c02e170a119 100644
--- a/docs/generators/n4js.md
+++ b/docs/generators/n4js.md
@@ -228,7 +228,7 @@ These options may be applied as additional-properties (cli) or configOptions (pl
 | ---- | --------- | ---------- |
 |BasicAuth|✓|OAS2,OAS3
 |ApiKey|✓|OAS2,OAS3
-|OpenIDConnect|✗|OAS3
+|OpenIDConnect|✓|OAS3
 |BearerToken|✓|OAS3
 |OAuth2_Implicit|✓|OAS2,OAS3
 |OAuth2_Password|✓|OAS2,OAS3

From bb8098a66f6eed9dcb694b8ae12bf4f943d9f3f7 Mon Sep 17 00:00:00 2001
From: William Cheng <wing328hk@gmail.com>
Date: Wed, 10 May 2023 17:17:08 +0800
Subject: [PATCH 3/3] add --quite to mvn cmd in travis.ci

---
 .travis.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 43975266388..2c548d98461 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -158,7 +158,7 @@ after_success:
   - if [ $SONATYPE_USERNAME ] && [ "$TRAVIS_PULL_REQUEST" == "false" ]; then
       if [ "$TRAVIS_BRANCH" = "master" ] && [ -z $TRAVIS_TAG ]; then
         echo "Publishing from branch $TRAVIS_BRANCH";
-        mvn clean deploy -DskipTests=true -B -U -P release --settings CI/settings.xml -Dorg.slf4j.simpleLogger.defaultLogLevel=error;
+        mvn clean deploy --quiet -DskipTests=true -B -U -P release --settings CI/settings.xml -Dorg.slf4j.simpleLogger.defaultLogLevel=error;
         echo "Finished mvn clean deploy for $TRAVIS_BRANCH";
         pushd .;
         cd modules/openapi-generator-gradle-plugin;
@@ -167,7 +167,7 @@ after_success:
         popd;
       elif [ -z $TRAVIS_TAG ] && [[ "$TRAVIS_BRANCH" =~ ^[0-9]+\.[0-9]+\.x$ ]]; then
         echo "Publishing from branch $TRAVIS_BRANCH";
-        mvn clean deploy --settings CI/settings.xml -Dorg.slf4j.simpleLogger.defaultLogLevel=error;
+        mvn clean deploy --quiet --settings CI/settings.xml -Dorg.slf4j.simpleLogger.defaultLogLevel=error;
         echo "Finished mvn clean deploy for $TRAVIS_BRANCH";
         pushd .;
         cd modules/openapi-generator-gradle-plugin;