Error setting session in Go auth plugin

Hi Tyk community!

I have developed a Golang plugin that I use like this:

"custom_middleware": {
        "pre": [],
        "auth_check": {
            "name": "CheckAuthentication",
            "path": "./plugins/keycloak/"

I’m using tykio/tyk-gateway:v3.2.2 version and I compile the plugin with:

docker run --rm -v `pwd`:/plugin-source tykio/tyk-plugin-compiler:v3.2.2

The plugin gets called, but I always get the error:

    "error": "Session state is missing or unset! Please make sure that auth headers are properly applied"

The code of the plugin is right now a simple test to allow any request:

func CheckAuthentication(rw http.ResponseWriter, r *http.Request) {
	accessToken := r.Header.Get(headers.Authorization)
	session := &user.SessionState{
		KeyID: accessToken,
		MetaData: map[string]interface{}{
			"token": accessToken,
	logger.Error("CheckAuthentication 1")
	ctx.SetSession(r, session, true)
	logger.Error("CheckAuthentication 2")

Logs are:

time="Dec 16 16:26:04" level=error msg=CheckAuthentication
time="Dec 16 16:26:04" level=error msg="<nil>"
time="Dec 16 16:26:04" level=error 
time="Dec 16 16:26:04" level=error msg="CheckAuthentication 1"
time="Dec 16 16:26:04" level=error msg="CheckAuthentication 2"
time="Dec 16 16:26:04" level=error msg="Bearer eyJhbGciOiJSUzI1NiI.......BLABLABLA"

I had a similar plugin perfectly working on Tyk v2.9.2, but as is remarked in , now the signature of SetSession has changed.

Of course, the example in Golang plugins does not compile.

Any help would be appreciated. Thanks!

Hi @achojoao, and welcome to the community.

Could you share your full API definition without sensitive information in it?

Thanks @Olu

Here it is:

    "name": "keycloak_resources",
    "slug": "keycloak_resources",
    "api_id": "3",
    "org_id": "1",
    "use_keyless": false,
    "use_go_plugin_auth": true,
    "definition": {
        "location": "header",
        "key": "x-api-version"
    "version_data": {
        "not_versioned": true,
        "versions": {
            "Default": {
                "name": "Default",
                "use_extended_paths": true
    "proxy": {
        "listen_path": "/api/myservice",
        "target_url": "",
        "strip_listen_path": true
    "active": true,
    "custom_middleware": {
        "pre": [],
        "auth_check": {
            "name": "CheckAuthentication",
            "path": "./plugins/keycloak/"
        "post_auth_check": [],
        "post": [],
        "response": [],
        "driver": "goplugin"

We were expecting to see the property base_identity_provided_by, however, that is not the case here.

We will check internally and get back to you soon

Hi @achojoao,

Thanks for your patience. We discovered a bug in version 3.2.2 where the session or API definition is not being retrieved with the golang plugins. Anything with 3.2.x probably has the same issue.

However, we tested the versions below and confirmed they work as expected

  • 3.1.2
  • 3.0.8
  • 3.0.7

We are currently addressing the issue. In the meantime, you can to use any of the earlier versions before 3.2.x.

If you have a specific reason for using version 3.2.2, then please let me know. I will update this thread as soon as I get an update regarding the issue.