aws · alextwoods · Jun 23, 2025 · Jun 23, 2025 · Jun 23, 2025
@@ -0,0 +1,6 @@
+{
+    "type": "bugfix",
+    "category": "AWS SDK for Java v2",
+    "contributor": "",
+    "description": "Fix generation of credentialType(bearer) for non-priority bearer operations"
+}
@@ -121,7 +121,7 @@ default String discoveredEndpoint(OperationModel opModel) {
 
     default CodeBlock credentialType(OperationModel opModel, IntermediateModel model) {
 
-        if (AuthUtils.isOpBearerAuth(model, opModel)) {
+        if (AuthUtils.isOpBearerAuthPreferred(model, opModel)) {
             return CodeBlock.of(".credentialType($T.TOKEN)\n", CredentialType.class);
         } else {
             return CodeBlock.of("");

@@ -58,13 +58,17 @@ public static boolean usesAwsAuth(IntermediateModel model) {
     }
 
     /**
-     * Returns {@code true} if the operation should use bearer auth.
+     * Returns {@code true} if and only if the operation should use bearer auth as the first preferred auth scheme.
      */
-    public static boolean isOpBearerAuth(IntermediateModel model, OperationModel opModel) {
-        if (opModel.getAuthType() == AuthType.BEARER) {
-            return true;
-        }
-        return isServiceBearerAuth(model) && hasNoAuthType(opModel);
+    public static boolean isOpBearerAuthPreferred(IntermediateModel model, OperationModel opModel) {
+        return opModel.getAuthType() == AuthType.BEARER // single modeled auth on operation is bearer
+            // auth array, first auth type is bearer
+            || (opModel.getAuth() != null && !opModel.getAuth().isEmpty() && opModel.getAuth().get(0) == AuthType.BEARER)
+            // service is only bearer and operation doesn't override
+            || (model.getMetadata().getAuthType() == AuthType.BEARER && hasNoAuthType(opModel))
+            // service is only bearer first and operation doesn't override
+            || (model.getMetadata().getAuth() != null && !model.getMetadata().getAuth().isEmpty()
+                && model.getMetadata().getAuth().get(0) == AuthType.BEARER && hasNoAuthType(opModel));
     }
 
     private static boolean isServiceBearerAuth(IntermediateModel model) {

@@ -79,21 +79,30 @@ private static Stream<Arguments> awsAuthServiceValues() {
 
     @ParameterizedTest
     @MethodSource("opValues")
-    public void testIfOperationIsBearerAuth(AuthType serviceAuthType, AuthType opAuthType, Boolean expectedResult) {
-        IntermediateModel model = modelWith(serviceAuthType);
-        OperationModel opModel = opModelWith(opAuthType);
-        assertThat(AuthUtils.isOpBearerAuth(model, opModel)).isEqualTo(expectedResult);
+    public void testIfOperationIsBearerAuthPreferred(AuthType serviceAuthType, List<AuthType> serviceAuth,
+                                                     AuthType opAuthType, List<AuthType> opAuth,
+                                                     Boolean expectedResult) {
+        IntermediateModel model = modelWith(serviceAuthType, serviceAuth);
+        OperationModel opModel = opModelWith(opAuthType, opAuth);
+        assertThat(AuthUtils.isOpBearerAuthPreferred(model, opModel)).isEqualTo(expectedResult);
     }
 
     private static Stream<Arguments> opValues() {
-        return Stream.of(Arguments.of(AuthType.BEARER, AuthType.BEARER, true),
-                         Arguments.of(AuthType.BEARER, AuthType.S3V4, false),
-                         Arguments.of(AuthType.BEARER, AuthType.NONE, true),
-                         Arguments.of(AuthType.BEARER, null, true),
-                         Arguments.of(AuthType.S3V4, AuthType.BEARER, true),
-                         Arguments.of(AuthType.S3V4, AuthType.S3V4, false),
-                         Arguments.of(AuthType.S3V4, AuthType.NONE, false),
-                         Arguments.of(AuthType.S3V4, null, false));
+        return Stream.of(
+            Arguments.of(AuthType.BEARER, null, AuthType.BEARER, null, true),
+            Arguments.of(AuthType.BEARER, null, AuthType.S3V4, null, false),
+            Arguments.of(AuthType.BEARER, null, AuthType.NONE, null, true),
+            Arguments.of(AuthType.BEARER, null, null, null, true),
+            Arguments.of(AuthType.S3V4, null, AuthType.BEARER, null, true),
+            Arguments.of(AuthType.S3V4, null, AuthType.S3V4, null, false),
+            Arguments.of(AuthType.S3V4, null, AuthType.NONE, null, false),
+            Arguments.of(AuthType.S3V4, null, null, null, false),
+            Arguments.of(AuthType.S3V4, Arrays.asList(AuthType.S3V4, AuthType.BEARER), AuthType.S3V4, null, false),
+            Arguments.of(AuthType.S3V4, null, AuthType.S3V4, Arrays.asList(AuthType.S3V4, AuthType.BEARER), false),
+            Arguments.of(AuthType.S3V4, Arrays.asList(AuthType.BEARER, AuthType.S3V4), null, null, true),
+            Arguments.of(AuthType.S3V4, Arrays.asList(AuthType.BEARER, AuthType.S3V4), AuthType.S3V4, null, false),
+            Arguments.of(AuthType.S3V4, null, AuthType.S3V4, Arrays.asList(AuthType.BEARER, AuthType.S3V4), true)
+        );
     }
 
     private static OperationModel opModelWith(AuthType authType) {
@@ -102,6 +111,12 @@ private static OperationModel opModelWith(AuthType authType) {
         return opModel;
     }
 
+    private static OperationModel opModelWith(AuthType authType, List<AuthType> auth) {
+        OperationModel opModel = opModelWith(authType);
+        opModel.setAuth(auth);
+        return opModel;
+    }
+
     private static IntermediateModel modelWith(AuthType authType) {
         IntermediateModel model = new IntermediateModel();
         Metadata metadata = new Metadata();