poem
Error handling with multiple security schemes is inconsistent
Hello,
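I use two different security schemes with an enum:
```rust
use poem_openapi::SecurityScheme;

// `Claims`, `api_key_checker` and `token_checker` are defined elsewhere (see the gist below).

/// API key read from the `KEY` request header
#[derive(SecurityScheme, Clone)]
#[oai(ty = "api_key", key_name = "KEY", key_in = "header", checker = "api_key_checker")]
struct Scheme1(pub Claims);

/// Bearer token read from the `Authorization` header
#[derive(SecurityScheme, Clone)]
#[oai(ty = "bearer", checker = "token_checker")]
struct Scheme2(pub Claims);

/// Unified Security Scheme
#[derive(SecurityScheme, Clone)]
enum Authentification {
    Scheme1(Scheme1),
    Scheme2(Scheme2),
}
```
Both checker functions can return poem errors.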
Expected Behavior
If I return an error from a scheme and the other key is not given, I should see the error from the first one.
In my example, if I give an invalid header KEY, and I don't give bearer, I should see the poem error coming from the checker function of the api KEY.
Actual Behavior
If the first scheme of the enum fails and the second is not given, the error returned is the error from the not given security scheme.
In my example, if I give an invalid header KEY, and I don't give bearer, I will never see the error from the api key checker but I will see an error as if I didn't give a bearer.
Steps to Reproduce the Problem
I made a small server replicating the issue in this gist: https://gist.github.com/atalatable/0a6a9b65ba5ccd003e4c860ecfecdb82
To replicate, put a random API Key, and no Bearer. Here you get an "authorization error" and not a "custom error". Whereas if you set a Bearer and no API Key, you get a "Custom error".
Specifications
- Version: poem 3.0.4 / poem-openapi 5.0.3
- Platform:
- Subsystem:
Maybe I understood wrong and this is not a bug; if so, can anyone give me clarification, please? :)
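
The two cases in the report, reproduced in a std-only model that is an added example and not poem-openapi's code or the code from the gist. It assumes the enum variants are tried in declaration order and that the last failure is the one returned, and sets that beside a policy in which a rejected credential outranks a missing one; every name and header value in it is constructed.

```rust
// Std-only model of the behaviour reported above; NOT poem-openapi's generated code.
// All names (AuthError, SCHEMES, check, ...) and header values are constructed.
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
enum AuthError {
    Missing,          // credential not sent: the post's "authorization error"
    Rejected(String), // credential sent, checker refused it: the "custom error"
}
type Headers = HashMap<&'static str, &'static str>;

// (header name, only accepted value) per scheme, in enum-variant order.
const SCHEMES: [(&str, &str); 2] = [("KEY", "good-key"), ("Authorization", "Bearer good-token")];

fn check(h: &Headers, name: &'static str, good: &str) -> Result<&'static str, AuthError> {
    match h.get(name) {
        None => Err(AuthError::Missing),
        Some(v) if *v == good => Ok(name),
        Some(_) => Err(AuthError::Rejected(format!("custom error from {} checker", name))),
    }
}

// Assumed reported behaviour: try variants in order, surface the last error seen.
fn last_error_wins(h: &Headers) -> Result<&'static str, AuthError> {
    let mut last = AuthError::Missing;
    for &(name, good) in SCHEMES.iter() {
        match check(h, name, good) { Ok(who) => return Ok(who), Err(e) => last = e }
    }
    Err(last)
}

// Expected behaviour: the first rejection of a credential that was actually sent
// outranks "missing" from a scheme the client never used.
fn rejection_wins(h: &Headers) -> Result<&'static str, AuthError> {
    let mut err = AuthError::Missing;
    for &(name, good) in SCHEMES.iter() {
        match check(h, name, good) {
            Ok(who) => return Ok(who),
            Err(e @ AuthError::Rejected(_)) if err == AuthError::Missing => err = e,
            Err(_) => {}
        }
    }
    Err(err)
}

fn main() {
    let h: Headers = [("KEY", "random")].iter().cloned().collect(); // bad KEY, no bearer
    println!("{:?} vs {:?}", last_error_wins(&h), rejection_wins(&h));
}
```

The practical cost of the first policy is that the response and the server-side error no longer say which credential was actually presented and refused, which is the detail an operator needs when reading authentication failures.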