smithy-lang · kstich · Dec 4, 2020 · Oct 22, 2020
diff --git a/docs/source/1.0/spec/aws/amazon-apigateway.rst b/docs/source/1.0/spec/aws/amazon-apigateway.rst
@@ -114,10 +114,10 @@ An *authorizer* definition is a structure that supports the following members:
     * - type
       - ``string``
       - The type of the authorizer. If specifying information beyond the
-        scheme, this value is required. The value must be "token", for an
-        authorizer with the caller identity embedded in an authorization token,
-        or "request", for an authorizer with the caller identity contained in
-        request parameters.
+        scheme or customAuthType, this value is required. The value must be
+        "token", for an authorizer with the caller identity embedded in an
+        authorization token, or "request", for an authorizer with the caller
+        identity contained in request parameters.
     * - customAuthType
       - ``string``
       - The ``authType`` of the authorizer. This value is used in APIGateway

diff --git a/...y-openapi/src/main/java/software/amazon/smithy/aws/apigateway/openapi/AddAuthorizers.java b/...y-openapi/src/main/java/software/amazon/smithy/aws/apigateway/openapi/AddAuthorizers.java
@@ -127,11 +127,12 @@ public OperationObject updateOperation(
     }
 
     private boolean usesApiGatewayApiKeys(ServiceShape service, String operationAuth) {
-        // Get the authorizer for this operation if it has no "type" set,
-        // as is required for API Gateway's API keys.
+        // Get the authorizer for this operation if it has no "type" or
+        // "customAuthType" set, as is required for API Gateway's API keys.
         Optional<AuthorizerDefinition> definitionOptional = service.getTrait(AuthorizersTrait.class)
                 .flatMap(authorizers -> authorizers.getAuthorizer(operationAuth)
-                        .filter(authorizer -> !authorizer.getType().isPresent()));
+                        .filter(authorizer -> !authorizer.getType().isPresent()
+                                && !authorizer.getCustomAuthType().isPresent()));
 
         if (!definitionOptional.isPresent()) {
             return false;
@@ -195,12 +196,15 @@ private <T extends Trait> SecurityScheme convertAuthScheme(
         SecurityScheme createdScheme = converter.createSecurityScheme(context, authTrait);
         SecurityScheme.Builder schemeBuilder = createdScheme.toBuilder();
 
-        // Do not set the client extension if there is no "type" property
-        // set on the authorizer definition. This is consistent with the
-        // "type" property support in the documentation.
-        // This is necessary to enable API Gateway's built-in API key validation.
-        String authType = authorizer.getCustomAuthType().orElse(DEFAULT_AUTH_TYPE);
-        if (authorizer.getType().isPresent()) {
+        // Do not default the client extension if there is no "type" property
+        // set on the authorizer definition. This allows setting the
+        // "customAuthType" property without setting the "type".
+        //
+        // This is necessary to enable various API Gateway authentication
+        // schemes and usage plans.
+        Optional<String> authTypeOptional = authorizer.getCustomAuthType();
+        if (authorizer.getType().isPresent() || authTypeOptional.isPresent()) {
+            String authType = authTypeOptional.orElse(DEFAULT_AUTH_TYPE);
             schemeBuilder.putExtension(CLIENT_EXTENSION_NAME, authType);
         }
 

diff --git a/...enapi/src/test/java/software/amazon/smithy/aws/apigateway/openapi/AddAuthorizersTest.java b/...enapi/src/test/java/software/amazon/smithy/aws/apigateway/openapi/AddAuthorizersTest.java
@@ -111,7 +111,7 @@ public void addsCustomAuthType() {
         assertThat(sigV4.getName().get(), equalTo("Authorization"));
         assertThat(sigV4.getIn().get(), equalTo("header"));
         assertThat(sigV4.getExtension("x-amazon-apigateway-authtype").get(), equalTo(Node.from("myCustomType")));
-        assertTrue(sigV4.getExtension("x-amazon-apigateway-authorizer").isPresent());
+        assertFalse(sigV4.getExtension("x-amazon-apigateway-authorizer").isPresent());
     }
 
     @Test

diff --git a/.../resources/software/amazon/smithy/aws/apigateway/openapi/custom-auth-type-authorizer.json b/.../resources/software/amazon/smithy/aws/apigateway/openapi/custom-auth-type-authorizer.json
@@ -13,7 +13,6 @@
                 "aws.apigateway#authorizers": {
                     "sigv4": {
                         "scheme": "aws.auth#sigv4",
-                        "type": "request",
                         "customAuthType": "myCustomType"
                     }
                 }