http-x-api-key auth not compatible with api gateway #327

Closed
donocode opened this issue Mar 26, 2020 · 3 comments · Fixed by #330

@donocode

In the code for the converter it states that it is compatible with API Gateway API key authorization, but it does not seem to be the case, or at least with the OpenAPI definition generated it does not correctly set the ApiKeyRequired property on the API Gateway methods.

From my findings the security scheme that is generated looks like this:

```json
"http-x-api-key": {
  "type": "apiKey",
  "description": "X-Api-Key authentication",
  "name": "X-Api-Key",
  "in": "header"
}
```

Which API Gateway ignores; however, if changing the value of `name` to `x-api-key`, then API Gateway will correctly set the ApiKeyRequired property on any methods annotated with `@auth(["http-x-api-key"])`.

The other thing is that it should set X-Api-Key as an allowed header when using the `@cors()` trait, but it does not (though it could be easily added by modifying the converter above).

Am I misinterpreting how this should work, or is this a bug in the converter (or API Gateway)?

@mtdowling
Member

It's really weird that the "name" property is case sensitive in API Gateway. That seems like a bug. We can hack in a fix though for 0.9.x.

As for the CORS issue, here's a fix for the next major version we release (1.0): #328

mtdowling added a commit that referenced this issue Mar 27, 2020
Ensures that http-x-api-key adds the appropriate CORS headers and that
it uses the lowercase header name to make API Gateway happy.

Closes #327

@mtdowling
Member

This should be fixed in 0.9.x via #330, and in 0.10 via #328 + ensuring that the customer header used is lowercase.

@donocode
Author

Thanks for the quick turnaround!
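The two conditions reported in this thread can be checked on a generated OpenAPI document before it is deployed, since a mis-cased key header leaves methods without ApiKeyRequired. The following is an added example, not code from this project: `audit`, `api_key_headers` and the sample document are hypothetical, and it assumes CORS preflight headers are expressed as `x-amazon-apigateway-integration` response parameters on `options` operations.

```python
import json

# Constructed sample: the security scheme from the issue plus a CORS preflight
# (OPTIONS) integration in API Gateway's OpenAPI extension format (assumed layout).
SAMPLE = json.loads("""
{
  "components": {"securitySchemes": {
    "http-x-api-key": {"type": "apiKey", "description": "X-Api-Key authentication",
                       "name": "X-Api-Key", "in": "header"}}},
  "paths": {"/items": {"options": {"x-amazon-apigateway-integration": {
    "responses": {"default": {"statusCode": "200", "responseParameters": {
      "method.response.header.Access-Control-Allow-Headers": "'Content-Type,Authorization'"
    }}}}}}}
}
""")

ALLOW_HEADERS = "method.response.header.Access-Control-Allow-Headers"

def api_key_headers(doc):
    """Yield (scheme_id, header_name) for every header-based apiKey scheme."""
    schemes = doc.get("components", {}).get("securitySchemes", {})
    for scheme_id, scheme in schemes.items():
        if scheme.get("type") == "apiKey" and scheme.get("in") == "header":
            yield scheme_id, scheme.get("name", "")

def audit(doc):
    """Return findings for the two conditions reported in the issue."""
    findings = []
    headers = list(api_key_headers(doc))
    for scheme_id, name in headers:
        # Reported behaviour: only the exact lowercase name set ApiKeyRequired.
        if name != "x-api-key":
            findings.append(f"{scheme_id}: name {name!r} is not 'x-api-key'; "
                            "ApiKeyRequired may not be set")
    for path, item in doc.get("paths", {}).items():
        integ = item.get("options", {}).get("x-amazon-apigateway-integration", {})
        for resp in integ.get("responses", {}).values():
            value = resp.get("responseParameters", {}).get(ALLOW_HEADERS)
            if value is None:
                continue
            # Static values are single-quoted; header names compare case-insensitively.
            allowed = {h.strip().lower() for h in value.strip("'").split(",")}
            for scheme_id, name in headers:
                if "*" not in allowed and name.lower() not in allowed:
                    findings.append(f"{path}: preflight does not allow {name!r} ({scheme_id})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```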
