I am trying to develop an internal plugin in my backstage instance. I started with a simple plugin that retrieves data from an external API, but I encountered this error:
"error": {
"name": "AuthenticationError",
"message": "Illegal token",
"stack": "AuthenticationError: Illegal token\n at DefaultAuthService.authenticate (/home/user/project-v1/instance-backstage/node_modules/@backstage/backend-defaults/src/entrypoints/auth/DefaultAuthService.ts:101:11)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async DefaultHttpAuthService.#extractCredentialsFromRequest (/home/user/project-v1/instance-backstage/node_modules/@backstage/backend-defaults/src/entrypoints/httpAuth/httpAuthServiceFactory.ts:95:12)\n at async DefaultHttpAuthService.credentials (/home/user/project-v1/instance-backstage/node_modules/@backstage/backend-defaults/src/entrypoints/httpAuth/httpAuthServiceFactory.ts:138:9)"
},
"request": {
"method": "GET",
"url": "/api/newplugin-backend/applications"
},
"response": {
After some research, I find out that the new backstage backend uses a "secure by default" model for plugins.
https://backstage.io/docs/plugins/backend-plugin/
So I followed the instructions in the docs, and tried to disable the authentication by adding the following:
httpRouter.addAuthPolicy({
path: '/api/newplugin-backend/applications',
allow: 'unauthenticated',
});
Yet I still get the same error.
I even tried using the user's identity (I am using the default guest user) by following:
deps: {
httpAuth: coreServices.httpAuth,
userInfo: coreServices.userInfo,
},
async init({
httpAuth,
userInfo,
}) {
httpRouter.use(
await createRouter({
httpAuth,
userInfo,
logger,
}),
);
}
However, I still the that same error - any help or suggestions how to solve it, please?
Assuming "pluginId" property is set to "newplugin-backend", I think you should remove "/api/newplugin-backend" from "path" value like so:
httpRouter.addAuthPolicy({ path: '/applications', allow: 'unauthenticated', });