Scaffolder does not work when Backstage API requires auth
Expected Behavior
- One can create new entities using the scaffolder, via the /create page, with a backend that requires token authorization of api requests
Current Behavior
- The scaffolder plugin will not work in its current state if the backstage API is protected behind token auth, breaking with a 401 when trying to register the new entity using the catalog API
- (Running the latest code in master, which seems to use the v2 api of the scaffolder)
2021-03-21T14:02:50.845Z Beginning step Register
2021-03-21T14:02:50.852Z info: Registering https://github.example.com/ab/template-test/blob/master/catalog-info.yaml in the catalog {"timestamp":"2021-03-21T14:02:50.849Z"}
2021-03-21T14:02:50.856Z Error: Unauthorized
at CatalogClient.addLocation (/usr/src/app/node_modules/@backstage/catalog-client/dist/index.cjs.js:53:13)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at async Object.handler (/usr/src/app/node_modules/@backstage/plugin-scaffolder-backend/dist/index.cjs.js:945:22)
at async TaskWorker.runOneTask (/usr/src/app/node_modules/@backstage/plugin-scaffolder-backend/dist/index.cjs.js:2181:11)
at async /usr/src/app/node_modules/@backstage/plugin-scaffolder-backend/dist/index.cjs.js:2122:9
Possible Solution
- The catalog request at https://github.com/backstage/backstage/blob/master/plugins/scaffolder-backend/src/scaffolder/actions/builtin/catalog/register.ts#L98 needs to provide an auth token as the second parameter
- Pass on the token from the user requesting the template creation. With the current scaffolder design (v2) that likely means storing the token alongside the task specification in the database to be able to retrieve it when the action is later executed
- Have the scaffolder backend issue its own token (see https://github.com/backstage/backstage/blob/master/plugins/auth-backend/src/providers/google/provider.ts#L164 for a possible example)
Steps to Reproduce
- Follow instructions in https://github.com/backstage/backstage/blob/master/contrib/docs/tutorials/authenticate-api-requests.md on how to require authentication of the backstage api
- Start backstage and use the UI to create a new entity using the scaffolder
- The error above should appear when trying to register the new entity
Context
Since we protect our Backstage API using the token auth method, the scaffolder does not work. This is sad as we would like to start using it.
See also https://github.com/backstage/backstage/issues/5039 which has the same problem, although not as critical
Your Environment
- NodeJS Version (v12): v14
- Operating System and Version (e.g. Ubuntu 14.04): alpine
- Browser Information: Chrome
Issue Analytics
- State:
- Created 3 years ago
- Comments:18 (15 by maintainers)
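The first option under Possible Solution (store the requester's token with the task and pass it as the second parameter when the register step runs), sketched as an added example that is not part of the original issue or of Backstage's code. `FakeCatalog`, `TaskStore` and `runRegister` are hypothetical names, and the catalog is a synchronous in-memory stand-in for the real, token-protected API.

```typescript
// Added illustration: every name here is hypothetical, not Backstage code.
type Task = { id: string; spec: { catalogInfoUrl: string } };

// Stand-in for a catalog API that sits behind token auth.
class FakeCatalog {
  locations: string[] = [];
  private validTokens: string[];
  constructor(validTokens: string[]) {
    this.validTokens = validTokens;
  }
  addLocation(target: string, options?: { token: string }): void {
    if (!options || this.validTokens.indexOf(options.token) === -1) {
      throw new Error('Unauthorized'); // the failure shown in the log above
    }
    this.locations.push(target);
  }
}

// Keeps the requester's token apart from the task spec, so reading a task
// back (API response, task log) never returns the credential.
class TaskStore {
  private tasks: Record<string, Task> = {};
  private secrets: Record<string, string> = {};
  create(task: Task, token?: string): void {
    this.tasks[task.id] = task;
    if (token) this.secrets[task.id] = token;
  }
  get(id: string): Task | undefined {
    return this.tasks[id];
  }
  takeToken(id: string): string | undefined {
    const token = this.secrets[id];
    delete this.secrets[id]; // single use: nothing is left at rest afterwards
    return token;
  }
}

// Register step, run by a worker after the original HTTP request has ended.
function runRegister(store: TaskStore, catalog: FakeCatalog, id: string): string {
  const task = store.get(id);
  if (!task) return 'failed: unknown task';
  const token = store.takeToken(id);
  try {
    catalog.addLocation(task.spec.catalogInfoUrl, token ? { token } : undefined);
    return 'registered';
  } catch (e) {
    return 'failed: ' + (e as Error).message;
  }
}
```

A stored user token can expire before the worker picks the task up, so the step still has to handle `Unauthorized` rather than assume the stored credential is valid.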
We are still having authentication issues in this scenario. For example, loading the /create/actions page gives us a 500 error. I think auth needs to be passed to that page as well?
https://github.com/backstage/backstage/blob/47dac4081978cfa66ab6f5035b1191c67b6ebb9c/plugins/scaffolder/src/api.ts#L246-L256
We also get a 401 to an eventstream endpoint.
https://github.com/backstage/backstage/blob/master/plugins/scaffolder/src/api.ts#L193
@erikxiv I just confirmed it works once I follow this more closely. Sorry about the confusion there!