OpenAPI generators produce non-compiling code from verifier.yml

[vdods]

I'm not quite sure if this is a problem with the VC HTTP API OpenAPI spec, or if it's a problem with the OpenAPI generators themselves (I've filed an issue on OpenAPI as well), but the fact that the spec produces non-compiling code is probably deterring users (including myself).

Reproduction instructions -- this will use OpenAPI's online generator using the rust-server generator:

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{"openAPIUrl": "https://github.com/w3c-ccg/vc-http-api/raw/main/docs/verifier.yml"}' 'http://api.openapi-generator.tech/api/gen/clients/rust-server' | jq -r '.link' | wget --input-file=- --output-document=verifier.zip
unzip verifier.zip
find rust-server-client -type f -exec grep -Hn -i unknown {} \;

The key problem is the presence of UNKNOWN_BASE_TYPE (and related), which prevents the generated code from compiling.

I tried with a few other generators, including go, javascript, and java and they all produced similar results with analogous "unknown" identifiers.

This is due to use of oneOf in verifier.yml under /presentations/verify POST, see

• [BUG][Go] Golang client code is incorrect with presence of oneOf/allOF OpenAPITools/openapi-generator#8721
• [BUG] jaxrs-spec [server] oneOf, anyOf Polymorphism does not work OpenAPITools/openapi-generator#5565

In an attempt to workaround the problem, I tried changing the oneOf to use of a single schema; I changed within verifier.yml:

  /presentations/verify:
    post:
      description: Verifies a verifiablePresentation and returns a verificationResult
        in the response body.  Given the possibility of denial of service, buffer
        overflow, or other style attacks, an implementation is permitted to rate limit
        or restrict requests against this API endpoint to those requests that contain
        only a single credential with a 413 or 429 error code as appropriate.
      operationId: verifyPresentation
      requestBody:
        content:
          application/json:
            schema:
              oneOf:
              - $ref: '#/components/schemas/VerifyPresentationRequest'
              - $ref: '#/components/schemas/ProoflessVerifyPresentationRequest'

to

  /presentations/verify:
    post:
      description: Verifies a verifiablePresentation and returns a verificationResult
        in the response body.  Given the possibility of denial of service, buffer
        overflow, or other style attacks, an implementation is permitted to rate limit
        or restrict requests against this API endpoint to those requests that contain
        only a single credential with a 413 or 429 error code as appropriate.
      operationId: verifyPresentation
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/VerifyPresentationRequest'

(yes, this eliminates #/components/schemas/ProoflessVerifyPresentationRequest, so it's not a fix), and it produced compiling code at least using the OpenAPI rust-server generator.

[mkhraisha]

This issue has been resolved with new OpenAPI generators.