Description
When multiple security handlers are provided, for instance
```yaml
security:
  - api_key: []
  - {}
components:
  securitySchemes:
    api_key:
      type: apiKey
      name: X-Auth
      in: header
      x-apikeyInfoFunc: app.apikey_auth
```
To allow either a token or a non-authenticated request, assuming a token is provided but, for instance, has a wrong signature or is expired, it should be possible to reject the request.
Expected behaviour
There should be a mechanism to reject the request without looking for the next provider.
For instance raising an OAuthProblem or returning some specific value.
Actual behaviour
The request is considered non-authenticated and the incorrect token is ignored.
Steps to reproduce
Additional info:
Output of the commands:
- `python --version`
- `pip show connexion | grep "^Version\:"`

```
Python 3.10.12
Version: 2.14.2
```
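A small model of the difference between the reported and the requested behaviour, added here as an illustration; it is not connexion's code. All names (`verify_lenient`, `verify_strict`, `NO_VALUE`, `InvalidCredential`) and the sample keys are hypothetical, and only the `X-Auth` header and the `api_key` / `{}` alternatives come from the spec above.

```python
"""Model of OR-ed security alternatives: `api_key` or the empty requirement `{}`."""


class InvalidCredential(Exception):
    """A credential was supplied but failed validation."""


NO_VALUE = object()  # sentinel: this scheme's credential is absent from the request
VALID_KEYS = {"good-key": {"sub": "alice"}}  # constructed sample data


def api_key_scheme(headers):
    key = headers.get("X-Auth")
    if key is None:
        return NO_VALUE  # nothing supplied: let the next alternative decide
    if key not in VALID_KEYS:
        raise InvalidCredential("X-Auth supplied but not valid")
    return VALID_KEYS[key]


def anonymous_scheme(headers):
    return {}  # the `{}` alternative: always satisfied, carries no identity


def verify_lenient(schemes, headers):
    """Reported behaviour: a failed alternative is skipped, so `{}` accepts."""
    problem = None
    for scheme in schemes:
        try:
            info = scheme(headers)
        except InvalidCredential as err:
            problem = err  # remembered, but evaluation continues
            continue
        if info is not NO_VALUE:
            return info
    raise problem or InvalidCredential("no credential provided")


def verify_strict(schemes, headers):
    """Requested behaviour: a supplied-but-invalid credential rejects at once."""
    for scheme in schemes:
        info = scheme(headers)  # InvalidCredential propagates to the caller
        if info is not NO_VALUE:
            return info
    raise InvalidCredential("no credential provided")
```

The key distinction is between "credential absent" (fall through to the next alternative) and "credential present but invalid" (reject), which the lenient loop collapses into one case.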