Revert "[TT-5588] [OAS] gateway apiKey import generates unnecessary object" (#7299)

radkrawczyk · web-flow · commit e7dd30f1dc4f · 2025-08-12T13:51:00.000+02:00
### **User description** <details open> <summary><a href="https://tyktech.atlassian.net/browse/TT-5588" title="TT-5588" target="_blank">TT-5588</a></summary> <br /> <table> <tr> <th>Summary</th> <td>[OAS] gateway apiKey import generates unnecessary object</td> </tr> <tr> <th>Type</th> <td> <img alt="Bug" src="https://tyktech.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium" /> Bug </td> </tr> <tr> <th>Status</th> <td>In Dev</td> </tr> <tr> <th>Points</th> <td>N/A</td> </tr> <tr> <th>Labels</th> <td><a href="https://tyktech.atlassian.net/issues?jql=project%20%3D%20TT%20AND%20labels%20%3D%20codilime_refined%20ORDER%20BY%20created%20DESC" title="codilime_refined">codilime_refined</a></td> </tr> </table> </details>  --- Reverts #7270 ___ ### **PR Type** Bug fix, Tests ___ ### **Description** Re-enable JSON inlining for `AuthSources` Remove test asserting non-serialization Keep token auth fill/roundtrip behavior intact Align JSON tags with intended API shape ___ ### Diagram Walkthrough ```mermaid flowchart LR Token["Token struct"] AuthSources["AuthSources fields"] JSONTag["json:\",inline\""] TestRemoval["Remove non-serialization test"] Token -- contains --> AuthSources AuthSources -- applied via --> JSONTag JSONTag -- implies --> InlinedInJSON["Inlined in JSON output"] TestRemoval -- aligns with --> InlinedInJSON ``` <details> <summary><h3> File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Bug fix</strong></td><td><table> <tr> <td> <details> <summary><strong>security.go</strong><dd><code>Re-enable JSON inlining for AuthSources in Token</code>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </dd></summary> <hr> apidef/oas/security.go <ul><li>Change <code>Token.AuthSources</code> JSON tag to <code>",inline"</code><br> <li> Revert exclusion from JSON serialization</ul> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/7299/files#diff-15e7d47137452ca4f3f6139aa8c007cdb426152c41846f712f8bf5dfb607afcc">+1/-1</a>&nbsp; &nbsp; &nbsp; </td> </tr> </table></td></tr><tr><td><strong>Tests</strong></td><td><table> <tr> <td> <details> <summary><strong>security_test.go</strong><dd><code>Delete test asserting AuthSources not serialized</code>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </dd></summary> <hr> apidef/oas/security_test.go <ul><li>Remove round-trip JSON test for <code>AuthSources</code> omission<br> <li> Keep existing Token tests intact</ul> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/7299/files#diff-5184167309db0462243e424baca87b5bb668962d8cc1076629fdcf11f00487e5">+0/-15</a>&nbsp; &nbsp; </td> </tr> </table></td></tr></tr></tbody></table> </details> ___
diff --git a/apidef/oas/security.go b/apidef/oas/security.go
@@ -30,7 +30,7 @@ type Token struct {
 	Enabled bool `bson:"enabled" json:"enabled"` // required
 
 	// AuthSources contains the configuration for authentication sources.
-	AuthSources `bson:",inline" json:"-"`
+	AuthSources `bson:",inline" json:",inline"`
 
 	// EnableClientCertificate allows to create dynamic keys based on certificates.
 	//
diff --git a/apidef/oas/security_test.go b/apidef/oas/security_test.go
@@ -1,7 +1,6 @@
 package oas
 
 import (
-	"encoding/json"
 	"sort"
 	"testing"
 
@@ -277,20 +276,6 @@ func TestOAS_Token(t *testing.T) {
 	convertedOAS.fillToken(api)
 
 	assert.Equal(t, oas, convertedOAS)
-
-	// Make sure AuthSources are not serialized into json.
-	token.Query = &AuthSource{Enabled: true}
-	token.Header = &AuthSource{Enabled: true}
-	token.Cookie = &AuthSource{Enabled: true}
-	bytes, err := json.Marshal(token)
-	assert.NoError(t, err)
-
-	var unmarshalledToken Token
-	err = json.Unmarshal(bytes, &unmarshalledToken)
-	assert.NoError(t, err)
-	assert.Nil(t, unmarshalledToken.Query)
-	assert.Nil(t, unmarshalledToken.Header)
-	assert.Nil(t, unmarshalledToken.Cookie)
 }
 
 func TestOAS_Token_MultipleSecuritySchemes(t *testing.T) {
