Features

Auth Playground

The auth playground adds an interactive panel to your Scalar docs UI where API consumers can enter credentials, test authentication flows, and see the resulting headers — without leaving the documentation. It supports credential persistence so users don't have to re-enter tokens on every page load.

PlaygroundConfig

PlaygroundConfig controls the playground behavior and is passed to the top-level Config.

playground_config.go
type PlaygroundConfig struct {
	Enabled           bool            // Enable the auth playground panel
	Schemes           []auth.Scheme   // Auth schemes available in the playground
	CredentialStore   CredentialStore // Where to persist entered credentials
	ShowRawHeaders    bool            // Show the generated Authorization header
	AutoAttach        bool            // Auto-attach credentials to try-it requests
}

Minimal setup

basic_playground.go
import (
	openswag "github.com/andrianprasetya/open-swag-go"
	"github.com/andrianprasetya/open-swag-go/pkg/auth"
)
 
cfg := openswag.Config{
	Title:   "My API",
	Version: "1.0.0",
	Playground: auth.PlaygroundConfig{
		Enabled: true,
		Schemes: []auth.Scheme{auth.PredefinedBearer},
	},
}

This gives you a playground panel with a single bearer token input. Credentials are not persisted by default.

Functional Options

For more control, use functional options instead of setting struct fields directly. Each option returns a modifier that configures one aspect of the playground.

functional_options.go
playground := auth.NewPlayground(
	auth.WithSchemes(auth.PredefinedBearer, apiKeyScheme),
	auth.WithCredentialStore(auth.LocalStorage),
	auth.WithShowRawHeaders(true),
	auth.WithAutoAttach(true),
)
 
cfg := openswag.Config{
	Title:      "My API",
	Version:    "1.0.0",
	Playground: playground,
}

Available options

OptionDescriptionDefault
WithSchemes(schemes...)Auth schemes shown in the playgroundnone
WithCredentialStore(store)Where credentials are persistedauth.None
WithShowRawHeaders(bool)Display the raw Authorization header valuefalse
WithAutoAttach(bool)Auto-attach credentials to try-it console requestsfalse

Credential Persistence

The CredentialStore type controls where the playground saves credentials in the browser. Three options are available:

credential_stores.go
auth.LocalStorage    // Persist across browser sessions (survives tab close)
auth.SessionStorage  // Persist for the current tab only (cleared on close)
auth.None            // Never persist — credentials are cleared on page reload

Choosing a store

Use LocalStorage for internal or development docs where convenience matters:

auth.NewPlayground(
	auth.WithSchemes(auth.PredefinedBearer),
	auth.WithCredentialStore(auth.LocalStorage),
)

Use SessionStorage for shared environments where credentials should not outlive the browser tab:

auth.NewPlayground(
	auth.WithSchemes(auth.PredefinedBearer),
	auth.WithCredentialStore(auth.SessionStorage),
)

Use None for public-facing docs or when security policy prohibits client-side credential storage:

auth.NewPlayground(
	auth.WithSchemes(auth.PredefinedBearer),
	auth.WithCredentialStore(auth.None),
)

Multiple Auth Schemes

The playground can present several auth schemes at once. Users pick the one that matches their integration.

multi_scheme_playground.go
bearerScheme := auth.BearerAuth(auth.BearerAuthConfig{
	Description:  "JWT access token",
	BearerFormat: "JWT",
})
 
apiKeyScheme := auth.APIKeyAuth(auth.APIKeyAuthConfig{
	Name:        "X-API-Key",
	In:          "header",
	Description: "API key for machine-to-machine access",
})
 
playground := auth.NewPlayground(
	auth.WithSchemes(bearerScheme, apiKeyScheme),
	auth.WithCredentialStore(auth.SessionStorage),
	auth.WithAutoAttach(true),
)

Full Example

Putting it all together — a config with bearer and API key auth, session-scoped persistence, raw header preview, and auto-attach enabled:

full_example.go
package main
 
import (
	openswag "github.com/andrianprasetya/open-swag-go"
	"github.com/andrianprasetya/open-swag-go/pkg/auth"
	"github.com/andrianprasetya/open-swag-go/adapters/nethttp"
	"net/http"
)
 
func main() {
	bearerScheme := auth.BearerAuth(auth.BearerAuthConfig{
		Description:  "JWT access token",
		BearerFormat: "JWT",
	})
 
	playground := auth.NewPlayground(
		auth.WithSchemes(bearerScheme),
		auth.WithCredentialStore(auth.SessionStorage),
		auth.WithShowRawHeaders(true),
		auth.WithAutoAttach(true),
	)
 
	cfg := openswag.Config{
		Title:       "My API",
		Version:     "1.0.0",
		Description: "API with auth playground",
		Playground:  playground,
	}
 
	endpoints := []openswag.Endpoint{
		{
			Method:   "GET",
			Path:     "/users/me",
			Summary:  "Get current user",
			Tags:     []string{"Users"},
			Security: []auth.Scheme{bearerScheme},
			Responses: []openswag.Response{
				{StatusCode: 200, Description: "User profile", ContentType: "application/json"},
				{StatusCode: 401, Description: "Unauthorized"},
			},
		},
	}
 
	docs := openswag.New(cfg, endpoints...)
	mux := http.NewServeMux()
	nethttp.Mount(mux, "/docs", docs)
 
	http.ListenAndServe(":8080", mux)
}

Authentication

Previous Page

Try-It Console

Next Page

On this page

Auth PlaygroundPlaygroundConfigMinimal setupFunctional OptionsAvailable optionsCredential PersistenceChoosing a storeMultiple Auth SchemesFull Example