I’m trying to implement authentication in my API with swagger. I followed the example here Authentication with API key | go-swagger
consumes:
- application/json
info:
description: myapi
title: myapi
version: 3.0.0
produces:
- application/json
schemes:
- http
swagger: "2.0"
parameters:
xxx
securityDefinitions:
SecretAuth:
type: apiKey
name: MyToken
in: header
description: "Enter the token"
security:
- SecretAuth: []
paths:
and this is the api definition in go
func configureAPI(api *operations.RestAPI) http.Handler {
api.ServeError = errors.ServeError
api.UseSwaggerUI()
api.JSONConsumer = runtime.JSONConsumer()
api.JSONProducer = runtime.JSONProducer()
api.TxtProducer = runtime.TextProducer()
// Applies when the "MyToken" header is set
api.SecretAuthAuth = func(token string) (*models.Principal, error) {
if token == xxxx {
prin := models.Principal(token)
return &prin, nil
}
api.Logger("Access attempt with incorrect api key auth: %s", token)
return nil, errors.New(401, "incorrect api key auth")
}
.
.
.
<rest-of-the-code>
The problem is when I call the api endpoint the authentication is getting ignored
curl -v --insecure \
-X GET \
-H "Content-Type: application/json" \
-H "Authentication: MyToken xxx" \
https://MacBook-Pro.local:12443/compliance/api/v1/state
any suggestions on what I’m doing wrong?
I think the value of MyToken is the value that is being pass automatically to the api.SecretAuthAuth (the token)