jquad-group / backstage-jquad

Tekton Pipelines Plugin for Backstage
Apache License 2.0

Error handling when `authorizationBearerToken` is invalid #3

Open jizusun opened 1 year ago

jizusun commented 1 year ago

Hi,

I just found that if I put in an invalid `authorizationBearerToken`, then I get a 200 response from the plugin backend, and an empty list in the plugin frontend UI.

Shall we return 403 from the plugin backend if the API request to K8s is 403? Or shall we return 5xx, since the token is NOT for the current user, and we regard this as a server internal error?

rannox commented 1 year ago

Hi jizusun,

Thanks for bringing that up! Since the frontend is not creating the token itself or sending specific data necessary for its creation, it is not able to fix the situation. According to the REST specification, that would mean that this is indeed some "internal server error" in the range of 5xx. The cause would then accordingly be the wrong token set in the backend's config file.

jizusun commented 1 year ago

Thank you! Actually, I also prefer to use 5xx, and let me try to implement it later.

rannox commented 1 year ago

Perfect, thank you! :)

rannox commented 1 year ago

In the newest version, the backend plugin is now returning 5xx on an invalid `authorizationBearerToken`. Can we close this, @jizusun?
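
The behaviour agreed in this thread, sketched as an added example that is not the plugin's own code: a rejected cluster token becomes a 5xx for the caller, and the upstream detail stays in the server log. The function and type names are hypothetical, and the split between 500 (credential rejected) and 502 (other upstream failure) is this example's assumption; the thread only settles on "5xx".

```typescript
// Added example, not backstage-jquad code. All names are hypothetical.
type Upstream = { status: number; body: string };
type PluginReply = { status: number; error?: string; items?: unknown[]; log?: string };

// Constructed sample of the Status object Kubernetes returns for a rejected token.
const SAMPLE_UNAUTHORIZED =
  '{"kind":"Status","apiVersion":"v1","status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}';

// Parse a JSON object out of a response body; null when it is not one.
function parseObject(body: string): Record<string, unknown> | null {
  try {
    const parsed: unknown = JSON.parse(body);
    if (typeof parsed === "object" && parsed !== null && !Array.isArray(parsed)) {
      return parsed as Record<string, unknown>;
    }
  } catch {
    // Not JSON (for example a proxy error page).
  }
  return null;
}

// Translate the Kubernetes API response into the reply the plugin backend sends.
function toPluginReply(up: Upstream): PluginReply {
  const obj = parseObject(up.body);
  if (up.status >= 200 && up.status < 300) {
    const items = obj ? obj["items"] : undefined;
    if (Array.isArray(items)) return { status: 200, items };
    // A 2xx without a list is a broken upstream, not "no pipeline runs".
    return { status: 502, error: "Unexpected response from the cluster API", log: "upstream 2xx without items" };
  }
  const rawReason = obj ? obj["reason"] : undefined;
  const reason = typeof rawReason === "string" ? rawReason : "unknown";
  const log = `kubernetes api returned ${up.status} (${reason})`;
  if (up.status === 401 || up.status === 403) {
    // The token comes from backend config, so the caller cannot fix this:
    // report a server-side fault and keep the upstream detail in the log only.
    return { status: 500, error: "Backend cluster credentials were rejected", log };
  }
  return { status: 502, error: "Cluster API request failed", log };
}
```

The `log` field is meant for the backend's logger, not the HTTP response body.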