OpenAPITools · adrianhj · Jan 2, 2026
diff --git a/modules/openapi-generator/src/main/java/org/openapitools/codegen/OpenAPINormalizer.java b/modules/openapi-generator/src/main/java/org/openapitools/codegen/OpenAPINormalizer.java
@@ -556,10 +556,16 @@ protected void normalizeHeaders(Map<String, Header> headers) {
             return;
         }
 
-        for (String headerKey : headers.keySet()) {
-            Header h = headers.get(headerKey);
-            Schema updatedHeader = normalizeSchema(h.getSchema(), new HashSet<>());
-            h.setSchema(updatedHeader);
+        for (Header header : headers.values()) {
+            // dereference header
+            if (StringUtils.isNotEmpty(header.get$ref())) {
+                header = ModelUtils.getReferencedHeader(openAPI, header);
+            }
+
+            if (header.getSchema() != null) {
+                Schema<?> updatedHeader = normalizeSchema(header.getSchema(), new HashSet<>());
+                header.setSchema(updatedHeader);
+            }
         }
     }
 

diff --git a/modules/openapi-generator/src/test/java/org/openapitools/codegen/OpenAPINormalizerTest.java b/modules/openapi-generator/src/test/java/org/openapitools/codegen/OpenAPINormalizerTest.java
@@ -1306,6 +1306,20 @@ public void testRemoveXInternalFromInlineProperties() {
         assertNotNull(inlinePropertyAfter.getProperties().get("nestedNumber"));
     }
 
+    @Test
+    public void testDereferenceHeaderBeforeNormalize() {
+        OpenAPI openAPI = TestUtils.parseSpec("src/test/resources/3_1/issue_22576.yaml");
+
+        Map<String, String> options = new HashMap<>();
+        OpenAPINormalizer openAPINormalizer = new OpenAPINormalizer(openAPI, options);
+
+        try {
+            openAPINormalizer.normalize();
+        } catch (Exception e) {
+            fail("Should not have thrown exception", e);
+        }
+    }
+
     public static class RemoveRequiredNormalizer extends OpenAPINormalizer {
 
         public RemoveRequiredNormalizer(OpenAPI openAPI, Map<String, String> inputRules) {

diff --git a/modules/openapi-generator/src/test/resources/3_1/issue_22576.yaml b/modules/openapi-generator/src/test/resources/3_1/issue_22576.yaml
@@ -0,0 +1,27 @@
+openapi: 3.1.0
+info:
+  title: Test
+  version: "1.0"
+paths:
+  /test:
+    post:
+      summary: Test
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: string
+      responses:
+        200:
+          description: OK
+        401:
+          description: Unauthorized
+          headers:
+            WWW-Authenticate:
+              $ref: "#/components/headers/WWWAuthenticate"
+components:
+  headers:
+    WWWAuthenticate:
+      required: false
+      schema:
+        type: string