Issue with Token Retrieval in http:backstage:request Action - failing with JWTClaimValidationFailed #1475
Comments
Just found another reference to the same issue link.
I've opened a PR for it. I tested it in our instance and it worked fine. It's following the same idea as other upstream actions in backstage, and always using the bearer token if it's defined. This should do the trick.
Hi. For some reason your changes are still not working for me. I have used your fork and there was an error during execution of one template
After I reverted from
to
It has started working again?
The PR #1532 has fixed it.
Hi guys, is there any workaround for this?
For the http:backstage:request action, which version are you using?
If you are asking about this plugin, roadiehq-scaffolder-backend-module-http-request-dynamic, I have 4.3.2.
You can upgrade to 4.3.4 to solve this.
Thank you, I'll try that. Where can I find instructions to upgrade the plugin to a specific version? I looked at the documentation - https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.3 but could not find the required configurations. Also, I would not have access to the external repo directly and I have to go through a proxy if I need to download a specific plugin from an external repo. Please let me know what doc to refer to. TIA
Expected Behavior
The http:backstage:request action should use the initiator's credentials to retrieve the token, ensuring proper authentication when making HTTP requests.
Current Behavior
The http:backstage:request action uses old ctx.secrets?.backstageToken or ctx.secrets.backstageToken to retrieve the token, which leads to an authentication error with the message "Invalid plugin token; caused by JWTClaimValidationFailed: unexpected 'aud' claim value".
Link to code line:
roadie-backstage-plugins/plugins/scaffolder-actions/scaffolder-backend-module-http-request/src/actions/run/backstageRequest.ts
Line 120 in c62ec52
Steps to Reproduce
1. Configure a template in Backstage that uses the http:backstage:request action to make an authenticated HTTP request.
2. Execute the template to trigger the action.
3. Observe the authentication error in the logs.
Possible Solution
Modify the http:backstage:request action to use ctx.getInitiatorCredentials().token instead of ctx.secrets?.backstageToken
Quick fix
Context
This issue prevents us from properly authenticating HTTP requests within the Backstage scaffolder, causing our pipeline creation process to fail with authentication errors. We are trying to automate the creation of SonarQube pipelines in Azure, and this bug is a blocker for our workflow.
Your Environment
yarn: 1.22.21
cli: 0.26.6 (installed)
backstage: 1.27.6
Dependencies:
"@roadiehq/scaffolder-backend-module-http-request": "^4.3.2",
@backstage/app-defaults 1.5.5
@backstage/backend-app-api 0.7.5
@backstage/backend-common 0.22.0
@backstage/backend-defaults 0.2.18
@backstage/backend-dev-utils 0.1.4
@backstage/backend-openapi-utils 0.1.11
@backstage/backend-plugin-api 0.6.21
@backstage/backend-tasks 0.5.26
@backstage/catalog-client 1.6.5
@backstage/catalog-model 1.5.0
@backstage/cli-common 0.1.14
@backstage/cli-node 0.2.5
@backstage/cli 0.26.6
@backstage/config-loader 1.8.0
@backstage/config 1.2.0
@backstage/core-app-api 1.13.0
@backstage/core-compat-api 0.2.5
@backstage/core-components 0.14.7
@backstage/core-plugin-api 1.9.3
@backstage/dev-utils 1.0.32
@backstage/e2e-test-utils 0.1.1
@backstage/errors 1.2.4
@backstage/eslint-plugin 0.1.8
@backstage/frontend-plugin-api 0.6.5
@backstage/integration-aws-node 0.1.12
@backstage/integration-react 1.1.27
@backstage/integration 1.12.0
@backstage/plugin-analytics-module-ga4 0.2.5
@backstage/plugin-api-docs 0.11.5
@backstage/plugin-app-backend 0.3.67
@backstage/plugin-app-node 0.1.18
@backstage/plugin-auth-backend-module-atlassian-provider 0.1.10
@backstage/plugin-auth-backend-module-aws-alb-provider 0.1.10
@backstage/plugin-auth-backend-module-azure-easyauth-provider 0.1.1
@backstage/plugin-auth-backend-module-bitbucket-provider 0.1.1
@backstage/plugin-auth-backend-module-cloudflare-access-provider 0.1.1
@backstage/plugin-auth-backend-module-gcp-iap-provider 0.2.13
@backstage/plugin-auth-backend-module-github-provider 0.1.15
@backstage/plugin-auth-backend-module-gitlab-provider 0.1.15
@backstage/plugin-auth-backend-module-google-provider 0.1.15
@backstage/plugin-auth-backend-module-guest-provider 0.1.7
@backstage/plugin-auth-backend-module-microsoft-provider 0.1.13
@backstage/plugin-auth-backend-module-oauth2-provider 0.1.15
@backstage/plugin-auth-backend-module-oauth2-proxy-provider 0.1.11
@backstage/plugin-auth-backend-module-oidc-provider 0.1.9
@backstage/plugin-auth-backend-module-okta-provider 0.0.11
@backstage/plugin-auth-backend 0.22.5
@backstage/plugin-auth-node 0.4.16
@backstage/plugin-auth-react 0.1.2
@backstage/plugin-azure-devops-common 0.4.2
@backstage/plugin-azure-devops 0.4.4
@backstage/plugin-catalog-backend-module-azure 0.1.41
@backstage/plugin-catalog-backend-module-msgraph 0.5.26
@backstage/plugin-catalog-backend-module-scaffolder-entity-model 0.1.19
@backstage/plugin-catalog-backend 1.22.0
@backstage/plugin-catalog-common 1.0.24
@backstage/plugin-catalog-graph 0.4.5
@backstage/plugin-catalog-import 0.11.0
@backstage/plugin-catalog-node 1.12.3
@backstage/plugin-catalog-react 1.12.0
@backstage/plugin-catalog 1.20.0
@backstage/plugin-events-node 0.3.4
@backstage/plugin-gcalendar 0.3.28
@backstage/plugin-github-actions 0.6.16
@backstage/plugin-home-react 0.1.13
@backstage/plugin-home 0.7.4
@backstage/plugin-microsoft-calendar 0.1.17
@backstage/plugin-org 0.6.25
@backstage/plugin-pagerduty 0.7.7
@backstage/plugin-permission-backend-module-allow-all-policy 0.1.18
@backstage/plugin-permission-backend 0.5.45
@backstage/plugin-permission-common 0.7.14
@backstage/plugin-permission-node 0.7.32
@backstage/plugin-permission-react 0.4.22
@backstage/plugin-proxy-backend 0.4.16
@backstage/plugin-scaffolder-backend-module-azure 0.1.13
@backstage/plugin-scaffolder-backend-module-bitbucket-cloud 0.1.11
@backstage/plugin-scaffolder-backend-module-bitbucket-server 0.1.11
@backstage/plugin-scaffolder-backend-module-bitbucket 0.2.11
@backstage/plugin-scaffolder-backend-module-gerrit 0.1.13
@backstage/plugin-scaffolder-backend-module-gitea 0.1.11
@backstage/plugin-scaffolder-backend-module-github 0.3.2
@backstage/plugin-scaffolder-backend-module-gitlab 0.4.3
@backstage/plugin-scaffolder-backend 1.22.11
@backstage/plugin-scaffolder-common 1.5.3
@backstage/plugin-scaffolder-node 0.2.10, 0.4.7
@backstage/plugin-scaffolder-react 1.8.6
@backstage/plugin-scaffolder 1.20.1
@backstage/plugin-search-backend-module-catalog 0.1.24
@backstage/plugin-search-backend-module-pg 0.5.27
@backstage/plugin-search-backend-module-techdocs 0.1.23
@backstage/plugin-search-backend-node 1.2.23
@backstage/plugin-search-backend 1.5.9
@backstage/plugin-search-common 1.2.12
@backstage/plugin-search-react 1.7.11
@backstage/plugin-search 1.4.11
@backstage/plugin-sonarqube-backend 0.2.20
@backstage/plugin-sonarqube-react 0.1.16
@backstage/plugin-sonarqube 0.7.17
@backstage/plugin-stack-overflow 0.1.30
@backstage/plugin-tech-radar 0.7.4
@backstage/plugin-techdocs-backend 1.10.5
@backstage/plugin-techdocs-module-addons-contrib 1.1.10
@backstage/plugin-techdocs-node 1.12.4
@backstage/plugin-techdocs-react 1.2.4
@backstage/plugin-techdocs 1.10.5
@backstage/plugin-user-settings 0.8.6
@backstage/release-manifests 0.0.11
@backstage/repo-tools 0.9.0
@backstage/test-utils 1.5.5
@backstage/theme 0.5.5
@backstage/types 1.1.1
@backstage/version-bridge 1.0.8
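As an added example (not part of the original issue or the plugin's code), this TypeScript helper decodes a JWT payload without verifying it and reports whether its `aud` claim matches the audience a receiving service expects, which is the check behind the "unexpected 'aud' claim value" error above. The function names, the sample tokens, and the audience values `backstage` and `catalog` are constructed for illustration.

```typescript
// Diagnostic only: decodes the payload WITHOUT verifying the signature,
// so the result must never be used for an authorization decision.
interface AudDiagnosis { ok: boolean; aud: string[]; reason?: string }

// Decode one base64url JWT segment into a JSON object.
function decodeSegment(segment: string): Record<string, unknown> {
  let b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  while (b64.length % 4 !== 0) b64 += '=';
  const value = JSON.parse(atob(b64));
  if (typeof value !== 'object' || value === null) throw new Error('payload is not an object');
  return value;
}

// Compare the token's `aud` claim with the audience the receiver expects.
// RFC 7519 allows `aud` to be a single string or an array of strings.
function diagnoseAudience(token: string, expected: string): AudDiagnosis {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, aud: [], reason: 'not a compact JWT' };
  let payload: Record<string, unknown>;
  try {
    payload = decodeSegment(parts[1]);
  } catch {
    return { ok: false, aud: [], reason: 'payload is not base64url-encoded JSON' };
  }
  const raw = payload['aud'];
  const aud: string[] = typeof raw === 'string' ? [raw]
    : Array.isArray(raw) ? raw.filter((a) => typeof a === 'string') : [];
  if (aud.length === 0) return { ok: false, aud, reason: 'token has no aud claim' };
  if (aud.indexOf(expected) === -1) {
    return { ok: false, aud, reason: `unexpected aud [${aud.join(', ')}], expected ${expected}` };
  }
  return { ok: true, aud };
}

// Build an unsigned sample token (constructed; claim values are illustrative).
function makeSampleToken(claims: Record<string, unknown>): string {
  const enc = (o: unknown) =>
    btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'ES256', typ: 'JWT' }), enc(claims), 'constructed-signature'].join('.');
}

const legacyStyleToken = makeSampleToken({ sub: 'user:default/jane', aud: 'backstage' });
const pluginScopedToken = makeSampleToken({ sub: 'user:default/jane', aud: ['catalog'] });

console.log(diagnoseAudience(legacyStyleToken, 'catalog'));   // audience mismatch
console.log(diagnoseAudience(pluginScopedToken, 'catalog'));  // audience matches
```

A mismatch reported here means the token was minted for a different audience; the remedy is to obtain a token intended for the target service, not to relax audience validation on the receiver.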