[BUG] AsyncAPI v3.0: Cannot parse servers.security as array #294

@lmendes86

Bug Report: AsyncAPI v3.0 servers.security array unmarshaling error

Description

The asyncapi-codegen tool fails to parse AsyncAPI v3.0 specifications when servers[].security is defined as an array (which is the correct format per AsyncAPI v3.0 spec).

Error Message

Error: json: cannot unmarshal array into Go struct field Server.servers.security of type asyncapiv3.SecurityScheme

Expected Behavior

The tool should successfully parse AsyncAPI v3.0 specifications where servers[].security is defined as an array of security requirement objects, as per the AsyncAPI v3.0 specification.

Actual Behavior

The tool attempts to unmarshal the security array into a single SecurityScheme object, causing a type mismatch error and preventing code generation.

Steps to Reproduce

  1. Create an AsyncAPI v3.0 specification with security defined as an array:

         asyncapi: 3.0.0
         info:
           title: Test Service
           version: 1.0.0
         servers:
           production:
             host: example.com
             protocol: nats
             security:
               - $ref: '#/components/securitySchemes/credentialsFile'
         components:
           securitySchemes:
             credentialsFile:
               type: symmetricEncryption
               description: Credentials file

  2. Run code generation:

         asyncapi-codegen -i asyncapi.yaml -p myapi -o output.go -g types

  3. Observe the error

Root Cause Analysis

The AsyncAPI v3.0 specification defines servers[].security as:

Security Requirement Object[] | A declaration of which security mechanisms can be used with this server.

However, the asyncapi-codegen internal struct appears to define it as a single object:

type Server struct {
    Security asyncapiv3.SecurityScheme  // Should be []SecurityRequirement
}

Environment

  • asyncapi-codegen version: v0.46.3
  • Go version: go1.25.1 linux/amd64
  • OS: Linux
  • AsyncAPI specification version: 3.0.0

Workaround

Temporarily remove the security section from the AsyncAPI specification before running code generation.

Impact

This prevents using asyncapi-codegen with any AsyncAPI v3.0 specification that properly defines server security requirements, which is a common pattern in production services.

Proposed Solution

Update the internal Server struct to use []SecurityRequirement instead of SecurityScheme for the security field, aligning with the AsyncAPI v3.0 specification.
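
The failure and an array-typed field, reproduced with Go's encoding/json as an added example (not asyncapi-codegen's code and not part of the original report). `SecurityScheme`, `spec`, `BrokenParse` and `ServerSchemeTypes` are hypothetical names, and the sample is the reproduction spec trimmed and converted to JSON; it assumes each array entry is a `$ref` or an inline scheme object. The array-aware parser also resolves each `$ref` and fails on an unknown scheme, which goes slightly beyond the proposed fix.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// SecurityScheme is a hypothetical stand-in, not asyncapi-codegen's own type.
type SecurityScheme struct {
	Ref  string `json:"$ref"`
	Type string `json:"type"`
}
// spec is generic over the type of servers[].security so both shapes can be decoded.
type spec[T any] struct {
	Servers    map[string]struct{ Security T `json:"security"` } `json:"servers"`
	Components struct {
		SecuritySchemes map[string]SecurityScheme `json:"securitySchemes"`
	} `json:"components"`
}
// Constructed sample: the issue's reproduction spec, trimmed and written as JSON.
const sample = `{"servers":{"production":{"host":"example.com","security":[
 {"$ref":"#/components/securitySchemes/credentialsFile"}]}},
 "components":{"securitySchemes":{"credentialsFile":{"type":"symmetricEncryption"}}}}`
// BrokenParse decodes security as a single object, the shape the issue suspects.
func BrokenParse(doc string) error {
	return json.Unmarshal([]byte(doc), new(spec[SecurityScheme]))
}

// ServerSchemeTypes decodes security as an array and rejects a dangling $ref.
func ServerSchemeTypes(doc, server string) ([]string, error) {
	var s spec[[]SecurityScheme]
	if err := json.Unmarshal([]byte(doc), &s); err != nil {
		return nil, err
	}
	var types []string
	for _, sec := range s.Servers[server].Security {
		if sec.Ref != "" {
			key := strings.TrimPrefix(sec.Ref, "#/components/securitySchemes/")
			var ok bool
			if sec, ok = s.Components.SecuritySchemes[key]; !ok {
				return nil, fmt.Errorf("server %q: unknown security scheme %q", server, key)
			}
		}
		types = append(types, sec.Type)
	}
	return types, nil
}

func main() {
	fmt.Println(BrokenParse(sample))
	fmt.Println(ServerSchemeTypes(sample, "production"))
}
```

Failing on an unresolved reference keeps a typo in the spec from turning into a server definition with no security entries at all.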
