[GO] Bad Multiple Authentication Key setting

[emreakca]

Description

Multiple Authentication settings won't work, since the API is setting the same key for multiple Headers.

openapi-generator version

3.1

OpenAPI declaration file content or url

in yaml:

[...]
security:
  - ApiKeyAuth1: []
  - ApiKeyAuth2: []
[...]
components:
  securitySchemes:
    ApiKeyAuth1:
      type: apiKey
      in: header
      name: X-Auth-Key-1
    ApiKeyAuth2:
      type: apiKey
      in: header
      name: X-Auth-Key-2

in go:

	if ctx != nil {
		// API Key Authentication
		if auth, ok := ctx.Value(ContextAPIKey).(APIKey); ok {
			var key string
			if auth.Prefix != "" {
				key = auth.Prefix + " " + auth.Key
			} else {
				key = auth.Key
			}
			localVarHeaderParams["X-Auth-Key-1"] = key
		}
	}

	if ctx != nil {
		// API Key Authentication
		if auth, ok := ctx.Value(ContextAPIKey).(APIKey); ok {
			var key string
			if auth.Prefix != "" {
				key = auth.Prefix + " " + auth.Key
			} else {
				key = auth.Key
			}
			localVarHeaderParams["X-Auth-Key-2"] = key
		}
	}

[wing328]

@emreakca thanks for reporting the issue.

cc @antihax (2017/11) @bvwells (2017/12) @grokify (2018/07)

[nmuesch]

Hey @wing328 👋 Do you know if this is being actively worked on? I started looking into it to see if I could offer a contribution (my first 😄). I think one approach to resolving this would be to make the APIKey struct have one field per APIKey attribute from the openapi spec. I have the start of something thats working locally for me here - https://github.com/OpenAPITools/openapi-generator/compare/master...nmuesch:nick/fix_go_api_key?expand=1 Its not quite ready for a full PR yet so I wanted to post it here and get some thoughts!

A caveat I noticed here is that:

• the name of the APIKey in the spec would have to be capitalized so that its exported in the autogenerated spec
• I'm not sure if there are use cases for having different prefixes per key, but this would still use the same prefix on each key.

Would appreciate any feedback/thoughts 🙇

[adamdecaf]

What about the codegen template using the provided names, so in the original example ContextApiKeyAuth1 and ContextApiKeyAuth2?

[antihax]

Could just make it a slice of strings or a struct holding the needed data and pass this through the context? Should gracefully work if it is 1 or 100 keys.

[nmuesch]

I added a second commit to the compare link from my last message. I'm not personally using Prefix and I wasn't able to find docs surrounding its use case, so I'm not sure if I'm missing something surrounding that. The second commit I made is based off of @adamdecaf's suggestion and just means you have to set the context value for each key you want to pass in.