Hiding input body in OpenAPI generation

Hello,

I have custom security authenticating, which require many fields from (original) request. The problem I’m now facing is that security part is affecting OpenAPI schema. I’m using Tapir 1.9.11.
Input for security looks like this:

  val securityIn: EndpointInput[TapirHmacRequestParts] = authorizationHeaders
    .and(extractFromRequest[(String, Map[String, String], String, String)] { request =>
      (
        request.method.method,
        request.headers.map(h => h.name -> h.value).toMap,
        request.underlying.asInstanceOf[RequestContext].request.uri.path.toString(),
        request.underlying.asInstanceOf[RequestContext].request.uri.rawQueryString.getOrElse(""),
      )
    })
    .and(byteArrayBody.schema(_.hidden(true)))
    .mapTo[TapirHmacRequestParts]

In endpoints it’s used like this

    .in(jsonBody[SearchApiQuery])
    .securityIn(TapirAuthorization.securityIn)

Adding this to endpoint, results in “application/octet-stream” instead of describing case classes SearchApiQuery.

      requestBody:
        content:
          application/octet-stream:
            schema:
              type: string
              format: binary

It seems like byteArrayBody.schema(_.hidden(true)) is not working as I would expect.

Is there a way to configure tapir to ignore byteArrayBody in schema?

Hm I think that’s rather a bug - we probably didn’t consider the possibility of a body being hidden. Can you add an issue to the project on GitHub?

I added an issue [BUG[ Hidden body schema appears in OpenAPI specs · Issue #3617 · softwaremill/tapir · GitHub