plugins basic-authentication backstage

How can I disable the secure by default model for plugins in Backstage? Or how can I generate the token for my default guest user?


I am trying to develop an internal plugin in my Backstage instance. I started with a simple plugin that retrieves data from an external API, but I encountered this error:

"error": {
    "name": "AuthenticationError",
    "message": "Illegal token",
    "stack": "AuthenticationError: Illegal token\n    at DefaultAuthService.authenticate (/home/user/project-v1/instance-backstage/node_modules/@backstage/backend-defaults/src/entrypoints/auth/DefaultAuthService.ts:101:11)\n    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n    at async DefaultHttpAuthService.#extractCredentialsFromRequest (/home/user/project-v1/instance-backstage/node_modules/@backstage/backend-defaults/src/entrypoints/httpAuth/httpAuthServiceFactory.ts:95:12)\n    at async DefaultHttpAuthService.credentials (/home/user/project-v1/instance-backstage/node_modules/@backstage/backend-defaults/src/entrypoints/httpAuth/httpAuthServiceFactory.ts:138:9)" 
    },
    "request": {
        "method": "GET",
        "url": "/api/newplugin-backend/applications"
    },
    "response": {

After some research, I found out that the new Backstage backend uses a "secure by default" model for plugins.

https://backstage.io/docs/plugins/backend-plugin/

So I followed the instructions in the docs, and tried to disable the authentication by adding the following:

httpRouter.addAuthPolicy({
  path: '/api/newplugin-backend/applications',
  allow: 'unauthenticated',
});

Yet I still get the same error.

I even tried using the user's identity (I am using the default guest user) by following:

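deps: {
  // httpRouter and logger are used in init() below, so they must be declared as dependencies too
  httpRouter: coreServices.httpRouter,
  logger: coreServices.logger,
  httpAuth: coreServices.httpAuth,
  userInfo: coreServices.userInfo,
},
async init({
  httpRouter,
  logger,
  httpAuth,
  userInfo,
}) {
  // Mount the plugin's router, passing the auth services so route handlers can read the caller's credentials
  httpRouter.use(
    await createRouter({
      httpAuth,
      userInfo,
      logger,
    }),
  );
}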

However, I still get the same error. Any help or suggestions on how to solve it, please?


Solution

  • Assuming "pluginId" property is set to "newplugin-backend", I think you should remove "/api/newplugin-backend" from "path" value like so:

    httpRouter.addAuthPolicy({
      path: '/applications',
      allow: 'unauthenticated',
    });
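
The path handling behind this answer, as an added example (not code from the post or from Backstage itself): a simplified model in which the plugin router is mounted at `/api/<pluginId>` and each policy is compared with the path after that mount point. The helper names and the segment-prefix matching rule are assumptions of this model; it also flags policies that would open every route of a plugin.

```typescript
// Simplified model of plugin-relative auth policies (assumed behaviour, not Backstage source).
type Allow = 'unauthenticated' | 'user-cookie';
interface AuthPolicy { path: string; allow: Allow; }

const MOUNT_PREFIX = '/api/';

// Path as the plugin's own router sees it, or null when the URL is not under this plugin.
function pluginRelativePath(pluginId: string, url: string): string | null {
  const mount = MOUNT_PREFIX + pluginId;
  const q = url.indexOf('?');
  const path = q === -1 ? url : url.slice(0, q);
  if (path === mount) return '/';
  return path.startsWith(mount + '/') ? path.slice(mount.length) : null;
}

// Assumption: a policy covers its own path and everything below it, segment by segment,
// so '/applications' covers '/applications/42' but not '/applications-admin'.
function policyCovers(policyPath: string, relPath: string): boolean {
  const p = policyPath.replace(/\/+$/, '');
  return p === '' || relPath === p || relPath.startsWith(p + '/');
}

// True when a request to `url` would be let through without credentials.
function isOpen(pluginId: string, policies: AuthPolicy[], url: string): boolean {
  const rel = pluginRelativePath(pluginId, url);
  if (rel === null) return false;
  return policies.some(
    pol => pol.allow === 'unauthenticated' && policyCovers(pol.path, rel),
  );
}

// Review helper: catches the mistake from the question and overly broad policies.
function lintPolicy(pluginId: string, policy: AuthPolicy): string[] {
  const warnings: string[] = [];
  if (policy.path.startsWith(MOUNT_PREFIX + pluginId)) {
    warnings.push('path repeats the mount prefix and will never match; use the plugin-relative path');
  }
  if (policy.allow === 'unauthenticated' && policyCovers(policy.path, '/')) {
    warnings.push('policy removes authentication from every route of the plugin');
  }
  return warnings;
}

// Constructed sample policies: the one from the question and the one from the answer.
const asked: AuthPolicy = { path: '/api/newplugin-backend/applications', allow: 'unauthenticated' };
const fixed: AuthPolicy = { path: '/applications', allow: 'unauthenticated' };
```

In this model only `fixed` opens `/api/newplugin-backend/applications`; every other route of the plugin still requires credentials, which keeps the unauthenticated surface limited to the one endpoint.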