feat(python-sdk): support omitting username/password from basic auth when configured in IR

generators/python-v2/dynamic-snippets/src/EndpointSnippetGenerator.ts

@@ -293,16 +293,24 @@ export class EndpointSnippetGenerator {
         auth: FernIr.dynamic.BasicAuth;
         values: FernIr.dynamic.BasicAuthValues;
     }): python.NamedValue[] {
-        return [
-            {
+        // usernameOmit/passwordOmit may exist in newer IR versions
+        const authRecord = auth as unknown as Record<string, unknown>;
+        const usernameOmitted = !!authRecord.usernameOmit;
+        const passwordOmitted = !!authRecord.passwordOmit;
+        const args: python.NamedValue[] = [];
+        if (!usernameOmitted) {
+            args.push({
                 name: this.context.getPropertyName(auth.username),
                 value: python.TypeInstantiation.str(values.username)
-            },
-            {
+            });
+        }
+        if (!passwordOmitted) {
+            args.push({
                 name: this.context.getPropertyName(auth.password),
                 value: python.TypeInstantiation.str(values.password)
-            }
-        ];
+            });
+        }
+        return args;
     }
 
     private getConstructorBearerAuthArgs({

generators/python/sdk/versions.yml

@@ -1,5 +1,17 @@
 # yaml-language-server: $schema=../../../fern-versions-yml.schema.json
 # For unreleased changes, use unreleased.yml
+- version: 5.4.0
+  changelogEntry:
+    - summary: |
+        Support omitting username or password from basic auth when configured via
+        `usernameOmit` or `passwordOmit` in the IR. Omitted fields are removed from
+        the SDK's public API and treated as empty strings internally (e.g., omitting
+        password encodes `username:`, omitting username encodes `:password`). When
+        both are omitted, the Authorization header is skipped entirely.
+      type: feat
+  createdAt: "2026-04-03"
+  irVersion: 65
+
 - version: 5.3.1
   changelogEntry:
     - summary: |
@@ -40,7 +52,6 @@
       type: feat
   createdAt: "2026-03-31"
   irVersion: 65
-
 - version: 5.1.3
   changelogEntry:
     - summary: |

packages/cli/generation/ir-generator/src/dynamic-snippets/DynamicSnippetsConverter.ts

@@ -732,11 +732,22 @@ export class DynamicSnippetsConverter {
         }
         const scheme = auth.schemes[0];
         switch (scheme.type) {
-            case "basic":
-                return DynamicSnippets.Auth.basic({
+            case "basic": {
+                const basicAuth: DynamicSnippets.BasicAuth & {
+                    usernameOmit?: boolean;
+                    passwordOmit?: boolean;
+                } = {
                     username: this.inflateName(scheme.username),
                     password: this.inflateName(scheme.password)
-                });
+                };
+                if (scheme.usernameOmit) {
+                    basicAuth.usernameOmit = scheme.usernameOmit;
+                }
+                if (scheme.passwordOmit) {
+                    basicAuth.passwordOmit = scheme.passwordOmit;
+                }
+                return DynamicSnippets.Auth.basic(basicAuth);
+            }
             case "bearer":
                 return DynamicSnippets.Auth.bearer({
                     token: this.inflateName(scheme.token)