Open davormilutinovic opened 1 month ago
Just found another reference to the same issue link.
I've opened a PR for it. I tested it in our instance and it worked fine. It's following the same idea as other upstream actions in backstage, and always using the bearer token if it's defined. This should do the trick
I've opened a PR for it. I tested it in our instance and it worked fine. It's following the same idea as other upstream actions in backstage, and always using the bearer token if it's defined. This should do the trick
Hi. For some reason your changes are still not working for me.
I have used your fork and there was an error during execution of one template
...There was an issue with your request. Status code: 401 Response body: {"error":{"name":"AuthenticationError","message":"Invalid plugin token; caused by JWTClaimValidationFailed: unexpected \"aud\" claim value","cause":{"code":"ERR_JWT_CLAIM_VALIDATION_FAILED...
After I reverted from
const { token } = (await auth?.getPluginRequestToken({
onBehalfOf: await ctx.getInitiatorCredentials(),
targetPluginId: 'proxy',
})) ?? { token: ctx.secrets?.backstageToken };
to
const credentials = await ctx.getInitiatorCredentials();
// @ts-expect-error
const token = credentials.token;
It has start working again?
Expected Behavior The http:backstage:request action should use the initiator's credentials to retrieve the token, ensuring proper authentication when making HTTP requests.
Current Behavior The http:backstage:request action uses old ctx.secrets?.backstageToken or ctx.secrets.backstageToken to retrieve the token, which leads to an authentication error with the message "Invalid plugin token; caused by JWTClaimValidationFailed: unexpected 'aud' claim value".
link to code line :https://github.com/RoadieHQ/roadie-backstage-plugins/blob/c62ec52707b3be39c40d240d299dba00995a3243/plugins/scaffolder-actions/scaffolder-backend-module-http-request/src/actions/run/backstageRequest.ts#L120
Steps to Reproduce Configure a template in Backstage that uses the http:backstage:request action to make an authenticated HTTP request. Execute the template to trigger the action. Observe the authentication error in the logs.
Possible Solution
Modify the http:backstage:request action to use ctx.getInitiatorCredentials().token instead of ctx.secrets?.backstageToken
Quick fix
Context
This issue prevents us from properly authenticating HTTP requests within the Backstage scaffolder, causing our pipeline creation process to fail with authentication errors. We are trying to automate the creation of SonarQube pipelines in Azure, and this bug is a blocker for our workflow.
Your Environment yarn: 1.22.21 cli: 0.26.6 (installed) backstage: 1.27.6
Dependencies: "@roadiehq/scaffolder-backend-module-http-request": "^4.3.2", @backstage/app-defaults 1.5.5 @backstage/backend-app-api 0.7.5 @backstage/backend-common 0.22.0 @backstage/backend-defaults 0.2.18 @backstage/backend-dev-utils 0.1.4 @backstage/backend-openapi-utils 0.1.11 @backstage/backend-plugin-api 0.6.21 @backstage/backend-tasks 0.5.26 @backstage/catalog-client 1.6.5 @backstage/catalog-model 1.5.0 @backstage/cli-common 0.1.14 @backstage/cli-node 0.2.5 @backstage/cli 0.26.6 @backstage/config-loader 1.8.0 @backstage/config 1.2.0 @backstage/core-app-api 1.13.0 @backstage/core-compat-api 0.2.5 @backstage/core-components 0.14.7 @backstage/core-plugin-api 1.9.3 @backstage/dev-utils 1.0.32 @backstage/e2e-test-utils 0.1.1 @backstage/errors 1.2.4 @backstage/eslint-plugin 0.1.8 @backstage/frontend-plugin-api 0.6.5 @backstage/integration-aws-node 0.1.12 @backstage/integration-react 1.1.27 @backstage/integration 1.12.0 @backstage/plugin-analytics-module-ga4 0.2.5 @backstage/plugin-api-docs 0.11.5 @backstage/plugin-app-backend 0.3.67 @backstage/plugin-app-node 0.1.18 @backstage/plugin-auth-backend-module-atlassian-provider 0.1.10 @backstage/plugin-auth-backend-module-aws-alb-provider 0.1.10 @backstage/plugin-auth-backend-module-azure-easyauth-provider 0.1.1 @backstage/plugin-auth-backend-module-bitbucket-provider 0.1.1 @backstage/plugin-auth-backend-module-cloudflare-access-provider 0.1.1 @backstage/plugin-auth-backend-module-gcp-iap-provider 0.2.13 @backstage/plugin-auth-backend-module-github-provider 0.1.15 @backstage/plugin-auth-backend-module-gitlab-provider 0.1.15 @backstage/plugin-auth-backend-module-google-provider 0.1.15 @backstage/plugin-auth-backend-module-guest-provider 0.1.7 @backstage/plugin-auth-backend-module-microsoft-provider 0.1.13 @backstage/plugin-auth-backend-module-oauth2-provider 0.1.15 @backstage/plugin-auth-backend-module-oauth2-proxy-provider 0.1.11 @backstage/plugin-auth-backend-module-oidc-provider 0.1.9 @backstage/plugin-auth-backend-module-okta-provider 0.0.11 @backstage/plugin-auth-backend 0.22.5 @backstage/plugin-auth-node 0.4.16 @backstage/plugin-auth-react 0.1.2 @backstage/plugin-azure-devops-common 0.4.2 @backstage/plugin-azure-devops 0.4.4 @backstage/plugin-catalog-backend-module-azure 0.1.41 @backstage/plugin-catalog-backend-module-msgraph 0.5.26 @backstage/plugin-catalog-backend-module-scaffolder-entity-model 0.1.19 @backstage/plugin-catalog-backend 1.22.0 @backstage/plugin-catalog-common 1.0.24 @backstage/plugin-catalog-graph 0.4.5 @backstage/plugin-catalog-import 0.11.0 @backstage/plugin-catalog-node 1.12.3 @backstage/plugin-catalog-react 1.12.0 @backstage/plugin-catalog 1.20.0 @backstage/plugin-events-node 0.3.4 @backstage/plugin-gcalendar 0.3.28 @backstage/plugin-github-actions 0.6.16 @backstage/plugin-home-react 0.1.13 @backstage/plugin-home 0.7.4 @backstage/plugin-microsoft-calendar 0.1.17 @backstage/plugin-org 0.6.25 @backstage/plugin-pagerduty 0.7.7 @backstage/plugin-permission-backend-module-allow-all-policy 0.1.18 @backstage/plugin-permission-backend 0.5.45 @backstage/plugin-permission-common 0.7.14 @backstage/plugin-permission-node 0.7.32 @backstage/plugin-permission-react 0.4.22 @backstage/plugin-proxy-backend 0.4.16 @backstage/plugin-scaffolder-backend-module-azure 0.1.13 @backstage/plugin-scaffolder-backend-module-bitbucket-cloud 0.1.11 @backstage/plugin-scaffolder-backend-module-bitbucket-server 0.1.11 @backstage/plugin-scaffolder-backend-module-bitbucket 0.2.11 @backstage/plugin-scaffolder-backend-module-gerrit 0.1.13 @backstage/plugin-scaffolder-backend-module-gitea 0.1.11 @backstage/plugin-scaffolder-backend-module-github 0.3.2 @backstage/plugin-scaffolder-backend-module-gitlab 0.4.3 @backstage/plugin-scaffolder-backend 1.22.11 @backstage/plugin-scaffolder-common 1.5.3 @backstage/plugin-scaffolder-node 0.2.10, 0.4.7 @backstage/plugin-scaffolder-react 1.8.6 @backstage/plugin-scaffolder 1.20.1 @backstage/plugin-search-backend-module-catalog 0.1.24 @backstage/plugin-search-backend-module-pg 0.5.27 @backstage/plugin-search-backend-module-techdocs 0.1.23 @backstage/plugin-search-backend-node 1.2.23 @backstage/plugin-search-backend 1.5.9 @backstage/plugin-search-common 1.2.12 @backstage/plugin-search-react 1.7.11 @backstage/plugin-search 1.4.11 @backstage/plugin-sonarqube-backend 0.2.20 @backstage/plugin-sonarqube-react 0.1.16 @backstage/plugin-sonarqube 0.7.17 @backstage/plugin-stack-overflow 0.1.30 @backstage/plugin-tech-radar 0.7.4 @backstage/plugin-techdocs-backend 1.10.5 @backstage/plugin-techdocs-module-addons-contrib 1.1.10 @backstage/plugin-techdocs-node 1.12.4 @backstage/plugin-techdocs-react 1.2.4 @backstage/plugin-techdocs 1.10.5 @backstage/plugin-user-settings 0.8.6 @backstage/release-manifests 0.0.11 @backstage/repo-tools 0.9.0 @backstage/test-utils 1.5.5 @backstage/theme 0.5.5 @backstage/types 1.1.1 @backstage/version-bridge 1.0.8