With multiple @Security() decorators, all secMethods run #1728

Open
3 of 4 tasks
douglasg14b opened this issue Dec 9, 2024 · 0 comments

douglasg14b commented Dec 9, 2024

Sorting

  • I'm submitting a ...

    • bug report
    • feature request
    • support request
  • I confirm that I

    • used the search to make sure that a similar issue hasn't already been submitted

Expected Behavior

When there are multiple @Security() decorators in use in an OR configuration, it's expected that these will operate in an early-break pattern, where once one is accepted, we break early.

Additionally, a way to filter security methods by, say, the Authentication header type (i.e. Bearer, Basic, etc.) could prevent floods of rejection metrics as each auth type is evaluated.

```ts
@Security('tsoa_auth', ['write:pets', 'read:pets'])
@Security('api_key')
@Get('OauthOrAPIkey')
public async GetWithOrSecurity(@Request() request: express.Request): Promise<any> {
}
```

Current Behavior

Each security method is run, resulting in rejections that are not actually rejections.

Possible Solution

  1. Break early in OR scenarios, and don't execute additional security options
  2. Allow a filter to be applied, or provided, to the decorator for control over when each security method is run
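
The two possible solutions above, sketched as an added example (not tsoa's code and not written by the issue author): an OR evaluator that can stop at the first accepted option and can skip options whose filter does not match the request. `Req`, `SecurityOption`, `Outcome`, `authorize`, the `x-api-key` header name and the sample credentials are all assumptions made for the illustration; scopes are left out.

```typescript
// Added illustration. Req, SecurityOption, Outcome and authorize are hypothetical names, not tsoa APIs.
interface Req { headers: Record<string, string | undefined>; }

interface SecurityOption {
  name: string;                          // security name, e.g. 'tsoa_auth'
  appliesTo?: (req: Req) => boolean;     // optional filter (possible solution 2)
  check: (req: Req) => Promise<boolean>; // resolves true when the credential is accepted
}

interface Outcome {
  allowedBy: string | null; // first option that accepted; null means deny
  rejected: string[];       // options that ran and rejected (what a rejection metric counts)
  skipped: string[];        // options filtered out without running
}

// OR evaluation in declaration order. earlyBreak=false models the reported
// behaviour (every option runs); earlyBreak=true is possible solution 1.
async function authorize(options: SecurityOption[], req: Req, earlyBreak: boolean): Promise<Outcome> {
  const out: Outcome = { allowedBy: null, rejected: [], skipped: [] };
  for (const opt of options) {
    if (opt.appliesTo && !opt.appliesTo(req)) {
      out.skipped.push(opt.name); // skipping is not accepting: all skipped => deny
      continue;
    }
    if (await opt.check(req)) {
      if (out.allowedBy === null) out.allowedBy = opt.name;
      if (earlyBreak) break;
    } else {
      out.rejected.push(opt.name);
    }
  }
  return out;
}

// Constructed checks and credentials; the x-api-key header name is an assumption.
const authz = (r: Req): string => r.headers['authorization'] ?? '';
const tsoaAuth: SecurityOption = { name: 'tsoa_auth', check: async (r) => authz(r) === 'Bearer good-token' };
const apiKey: SecurityOption = { name: 'api_key', check: async (r) => r.headers['x-api-key'] === 'good-key' };
const filtered: SecurityOption[] = [
  { ...tsoaAuth, appliesTo: (r) => authz(r).startsWith('Bearer ') },
  { ...apiKey, appliesTo: (r) => r.headers['x-api-key'] !== undefined },
];
```

With early break alone, a request carrying only a valid API key still records one `tsoa_auth` rejection because that option is declared first; the filter is what removes it, and a request that matches no filter ends with `allowedBy === null` and must be denied.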