Error setting session in Go auth plugin

Hi Tyk community!

I have developed a Golang plugin that I use like this:

"custom_middleware": {
        "pre": [],
        "auth_check": {
            "name": "CheckAuthentication",
            "path": "./plugins/keycloak/"

I’m using tykio/tyk-gateway:v3.2.2 version and I compile the plugin with:

docker run --rm -v `pwd`:/plugin-source tykio/tyk-plugin-compiler:v3.2.2

The plugin gets called, but I always get the error:

    "error": "Session state is missing or unset! Please make sure that auth headers are properly applied"

The code of the plugin is right now a simple test to allow any request:

func CheckAuthentication(rw http.ResponseWriter, r *http.Request) {
	accessToken := r.Header.Get(headers.Authorization)
	session := &user.SessionState{
		KeyID: accessToken,
		MetaData: map[string]interface{}{
			"token": accessToken,
	logger.Error("CheckAuthentication 1")
	ctx.SetSession(r, session, true)
	logger.Error("CheckAuthentication 2")

Logs are:

time="Dec 16 16:26:04" level=error msg=CheckAuthentication
time="Dec 16 16:26:04" level=error msg="<nil>"
time="Dec 16 16:26:04" level=error 
time="Dec 16 16:26:04" level=error msg="CheckAuthentication 1"
time="Dec 16 16:26:04" level=error msg="CheckAuthentication 2"
time="Dec 16 16:26:04" level=error msg="Bearer eyJhbGciOiJSUzI1NiI.......BLABLABLA"

I had a similar plugin perfectly working on Tyk v2.9.2, but as is remarked in , now the signature of SetSession has changed.

Of course, the example in Golang plugins does not compile.

Any help would be appreciated. Thanks!

1 Like

Hi @achojoao, and welcome to the community.

Could you share your full API definition without sensitive information in it?

Thanks @Olu

Here it is:

    "name": "keycloak_resources",
    "slug": "keycloak_resources",
    "api_id": "3",
    "org_id": "1",
    "use_keyless": false,
    "use_go_plugin_auth": true,
    "definition": {
        "location": "header",
        "key": "x-api-version"
    "version_data": {
        "not_versioned": true,
        "versions": {
            "Default": {
                "name": "Default",
                "use_extended_paths": true
    "proxy": {
        "listen_path": "/api/myservice",
        "target_url": "",
        "strip_listen_path": true
    "active": true,
    "custom_middleware": {
        "pre": [],
        "auth_check": {
            "name": "CheckAuthentication",
            "path": "./plugins/keycloak/"
        "post_auth_check": [],
        "post": [],
        "response": [],
        "driver": "goplugin"

We were expecting to see the property base_identity_provided_by, however, that is not the case here.

We will check internally and get back to you soon

Hi @achojoao,

Thanks for your patience. We discovered a bug in version 3.2.2 where the session or API definition is not being retrieved with the golang plugins. 3.2.1 also has the same issue - confirmed by @redochenzhen

However, we tested the versions below and confirmed they work as expected

  • 3.1.2
  • 3.0.8
  • 3.0.7

We are currently addressing the issue. In the meantime, you can to use any of the earlier versions before 3.2.x.

If you have a specific reason for using version 3.2.2, then please let me know. I will update this thread as soon as I get an update regarding the issue.

similar issue. The version I tried is v3.2.1

@redochenzhen Could you try using v3.2.3?

It appears that the fix for the session issue was deployed in that version.

I have modified my earlier response regarding the issue and updated the thread