-
-
Notifications
You must be signed in to change notification settings - Fork 557
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
can't use SkipRequestBodyEncodeDecode and authentification at the same time #3328
Comments
OK I found I can use 'Header' to map the APIKey payload, but it seems that it should not have been necessary. |
Some APIs use query string parameters for API keys so Goa can't assume it is a header. |
OK, but if I don't specify anything, it does automatically use a header. However the check in SkipRequestBodyEncodeDecode does not consider it was mapped in this case. |
Ah sorry I had missed the point about the default behavior. That is indeed inconsistent - reopening :) |
I tried to reproduce this issue but wasn't able to, the following works as expected: package design
import . "goa.design/goa/v3/dsl"
// APIKeyAuth defines a security scheme that uses API keys.
var APIKeyAuth = APIKeySecurity("api_key", func() {
Description("Secures endpoint by requiring an API key.")
})
var _ = Service("foo", func() {
Method("bar", func() {
Security(APIKeyAuth)
Payload(func() {
APIKey("api_key", "key")
})
HTTP(func() {
POST("/")
SkipRequestBodyEncodeDecode()
})
})
}) If you are still seeing the issue can you please provide a design that reproduces it? |
Hi, it took me a bit of time to understand, to reproduce the issue, the package design
import . "goa.design/goa/v3/dsl"
// APIKeyAuth defines a security scheme that uses API keys.
var APIKeyAuth = APIKeySecurity("api_key", func() {
Description("Secures endpoint by requiring an API key.")
})
var _ = Service("foo", func() {
Security(APIKeyAuth)
Method("bar", func() {
Payload(func() {
APIKey("api_key", "key")
})
HTTP(func() {
POST("/")
SkipRequestBodyEncodeDecode()
})
})
}) |
Thanks for the repro! This is fixed by #3359 |
I get the error 'HTTP endpoint request body must be empty when using SkipRequestBodyEncodeDecode but not all method payload attributes are mapped to headers and params. Make sure to define Headers and Params as needed.' when using goa gen.
However all my method payload attributes are mapped, one of them is an API key (in header) declared with 'APIKey', but seem to be ignored in this check.
The text was updated successfully, but these errors were encountered: