
Getting a 401 using a Bearer Token

Open stevenmchaves opened this issue 10 months ago • 19 comments

Please do not disclose security vulnerabilities as issues. See our security policy for responsible disclosures.

Describe the bug

I am following the instructions about using a Bearer token and I am getting a 401 when I check the health:

 curl localhost:7007/api/jira-dashboard/health
{"error":{"name":"AuthenticationError","message":"Missing credentials","stack":"AuthenticationError: Missing credentials\n    at DefaultHttpAuthService.credentials (/mnt/c/Users/u1175114/Gitlab-tstenv/backstage_poc/backstage/node_modules/@backstage/backend-defaults/node_modules/@backstage/backend-app-api/src/services/implementations/httpAuth/httpAuthServiceFactory.ts:150:13)\n    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"},"request":{"method":"GET","url":"/api/jira-dashboard/health"},"response":{"statusCode":401}} 

Using the same Bearer token calling directly to the Jira instance it works correctly:

schaves:~$ curl -H "Authorization: ${JIRA_BEARER_TOKEN}" https://XXXXXXXXX/rest/api/2/project/SDLC
{"expand":"description,lead,url,projectKeys","self":"https://XXXXXXXXX/rest/api/2/project/10200","id":"10200","key":"SDLC","description":"","lead":{"self":"https://XXXXXXXXX/rest/api/2/user?username=q831841","key":"q831841","name":"q831841","avatarUrls":{"48x48":"https://XXXXXXXXX/secure/useravatar?ownerId=q831841&avatarId=10500","24x24":"https://jira.rwts-.........
}

To reproduce

 curl localhost:7007/api/jira-dashboard/health
{"error":{"name":"AuthenticationError","message":"Missing credentials","stack":"AuthenticationError: Missing credentials\n    at DefaultHttpAuthService.credentials (/mnt/c/Users/u1175114/Gitlab-tstenv/backstage_poc/backstage/node_modules/@backstage/backend-defaults/node_modules/@backstage/backend-app-api/src/services/implementations/httpAuth/httpAuthServiceFactory.ts:150:13)\n    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"},"request":{"method":"GET","url":"/api/jira-dashboard/health"},"response":{"statusCode":401}} 

OR

image

Please provide as much context as possible and describe the reproduction steps that someone else can follow to recreate the issue

Here are the important details for the backend setup: image image image

stevenmchaves avatar Apr 17 '24 12:04 stevenmchaves

Hi, which backstage version are you running? I think it's due to the auth changes in v1.24.0. We may need to update these plugins to support the new backend system on backstage +1.24.0.

anicke avatar Apr 17 '24 13:04 anicke

I am using 1.26.0 but it occurred on 1.25.0 as well.

If I revert back to 1.24.0, will that resolve the issue? If so, is there a backstage_cli command to do the revert?

stevenmchaves avatar Apr 17 '24 13:04 stevenmchaves

We are actually just about to do the upgrade as well so I'll try to fix it as soon as possible.

anicke avatar Apr 17 '24 13:04 anicke

To clarify the issue here...

Using curl directly on the Jira "health" API will not work in a +v1.24 Backstage that uses the new backend system. This is because it enforces authentication by default. The issue from the "Jira Dashboard" entity tab is probably due to the Jira plugin not using the new auth system to authenticate towards the catalog API.

anicke avatar Apr 18 '24 06:04 anicke

New packages have been published, hopefully it should work now.

anicke avatar Apr 19 '24 13:04 anicke

Well no real change. Direct call to JIRA instance good.

curl localhost:7007/api/jira-dashboard
{"error":{"name":"AuthenticationError","message":"Missing credentials","stack":"AuthenticationError: Missing credentials\n    at DefaultHttpAuthService.credentials (/mnt/c/Users/u1175114/Gitlab-tstenv/backstage_poc/backstage/node_modules/@backstage/backend-app-api/src/services/implementations/httpAuth/httpAuthServiceFactory.ts:150:13)\n    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"},"request":{"method":"GET","url":"/api/jira-dashboard"},"response":{"statusCode":401}}

stevenmchaves avatar Apr 19 '24 17:04 stevenmchaves

image

Again: curl -H "Authorization: ${JIRA_BEARER_TOKEN}" https://XXXXXXXXX/rest/api/2/project/SDLC works fine.

stevenmchaves avatar Apr 19 '24 18:04 stevenmchaves

Have you set the jiraDashboard.annotationPrefix configuration to something like jira?

If so, you must adjust your component annotation:

apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
  annotations:
    jira/project-key: "SDLC"

MZerbe avatar Apr 22 '24 07:04 MZerbe

Yes

On Mon, Apr 22, 2024, 3:57 AM Maximilian Zerbe @.***> wrote:

> Have you set the jiraDashboard.annotationPrefix configuration to something like jira?
>
> If so, you must adjust your component annotation:
>
> apiVersion: backstage.io/v1alpha1
> kind: Component
> metadata:
>   annotations:
>     jira/project-key: "SDLC"


stevenmchaves avatar Apr 22 '24 12:04 stevenmchaves

Same issue here with or without specifying the jiraDashboard.annotationPrefix.

cUrl/Postman works, but the plugin reports a 404 error

  • backstage: 1.26.4
  • plugin-jira-dashboard-backend: 2.0.0
  • plugin-jira-dashboard: 1.0.2
  • plugin-jira-dashboard-common: 1.0.1

fjudith avatar Apr 29 '24 16:04 fjudith

I am having the same issue.

mepperla avatar May 08 '24 19:05 mepperla

Seeing a 404 as well, I can do curl with and without the --user specified with successful responses

  • backstage: 1.26.4
  • plugin-jira-dashboard-backend: 2.0.0
  • plugin-jira-dashboard: 1.0.2
  • plugin-jira-dashboard-common: 1.0.1

knewman23 avatar May 10 '24 14:05 knewman23

Does your baseUrl include the ending slash?

GLundh avatar May 13 '24 20:05 GLundh

Yes it does https://xxx.atlassian.net/rest/api/latest/

knewman23 avatar May 13 '24 23:05 knewman23

Please try latest version. Should have a better error message in the log.

GLundh avatar May 14 '24 12:05 GLundh

Upgraded to 2.1.0

Here is my app-config entry

jiraDashboard:
  token: -u [email protected]:token
  baseUrl: https://xxx.atlassian.net/rest/api/latest/
  userEmailSuffix: xxx.com

Seeing

[1] 2024-05-14T14:52:44.144Z jira-dashboard error Could not find Jira project MF: Failed to get project info for project key MF with error: Request failed with status code 404: Not Found type=plugin
{
  "error": {
    "name": "Error",
    "message": "Request failed with status 404 Not Found, {\"error\":\"No Jira project found with key MF\"}"
  },
  "response": {
    "statusCode": 404
  }
}

knewman23 avatar May 14 '24 14:05 knewman23

Opening the url in the browser gives me a full json response

{
"expand": "description,lead,issueTypes,url,projectKeys,permissions,insight",
"self": "https://xxx.atlassian.net/rest/api/2/project/xxx",
"id": "xxx",
"key": "MF",
"description": "",
...
}

knewman23 avatar May 14 '24 15:05 knewman23

> Upgraded to 2.1.0
>
> Here is my app-config entry
>
> jiraDashboard:
>   token: -u [email protected]:token
>   baseUrl: https://xxx.atlassian.net/rest/api/latest/
>   userEmailSuffix: xxx.com

I'm not sure what's going on here, but that looks like a curl parameter for setting user and password.

Can you try

  jiraDashboard:
    token: "Bearer <token>"

where <token> is your token?

GLundh avatar May 14 '24 21:05 GLundh

The Bearer <token> format didn't work, but using Basic <base64_token> from the docs did work!

knewman23 avatar May 15 '24 14:05 knewman23
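
An added example, not part of the thread or the plugin's code: a pre-flight check for the `jiraDashboard.token` value that tells apart the forms seen in this issue (a pasted curl option, a `Bearer` value, a `Basic <base64>` value). The function names and the sample credentials in the test are hypothetical and constructed for illustration.

```javascript
// Added example. classifyJiraToken and basicToken are hypothetical helpers,
// not functions of the jira-dashboard plugin.

// Build the "Basic <base64>" form from an account e-mail and API token.
function basicToken(email, apiToken) {
  return 'Basic ' + Buffer.from(`${email}:${apiToken}`, 'utf8').toString('base64');
}

// Classify a candidate token value. The secret itself is never returned,
// so the result is safe to write to a log.
function classifyJiraToken(value) {
  const v = String(value ?? '').trim();
  if (v === '') return { ok: false, scheme: null, reason: 'empty value' };
  // A curl flag pasted into the config, e.g. "-u user:token".
  if (/^-{1,2}[A-Za-z]/.test(v)) {
    return { ok: false, scheme: null, reason: 'looks like a curl option, not a header value' };
  }
  const m = /^(Basic|Bearer)\s+(\S+)$/i.exec(v);
  if (!m) return { ok: false, scheme: null, reason: 'expected "<scheme> <credentials>"' };
  const scheme = m[1][0].toUpperCase() + m[1].slice(1).toLowerCase();
  // Documentation placeholders such as "<token>" or "<>" left unchanged.
  if (/^<.*>$/.test(m[2])) return { ok: false, scheme, reason: 'placeholder left in place' };
  if (scheme === 'Bearer') return { ok: true, scheme, reason: 'bearer token' };
  // Basic: the payload must be base64 that decodes to "user:secret".
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(m[2]) || m[2].length % 4 !== 0) {
    return { ok: false, scheme, reason: 'credentials are not base64' };
  }
  const decoded = Buffer.from(m[2], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep <= 0 || sep === decoded.length - 1) {
    return { ok: false, scheme, reason: 'decoded value is not "user:secret"' };
  }
  return { ok: true, scheme, reason: 'basic credentials for ' + decoded.slice(0, sep) };
}
```

Running a check like this at startup catches an unencoded `user:token` pair or a leftover placeholder before the plugin sends it to Jira and gets a 404 or 401 back.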

Still facing the same issue:

2024-06-22T13:52:34.505Z rootHttpRouter info ::1 - - [22/Jun/2024:13:52:34 +0000] "GET /api/jira-dashboard/health HTTP/1.1" 401 521 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" type=incomingRequest

jiraDashboard:
  token: Bearer <>
  baseUrl: http://localhost:82/rest/api/2/
  userEmailSuffix: gmail.com
  annotationPrefix: jira

rishabh19sachan avatar Jun 22 '24 13:06 rishabh19sachan

@rishabh19sachan: It looks like you are not authenticated against the Backstage backend. Are you using the new backend or the old one? Could you post all the code (censored where needed, of course) you used to set up the plugin?

GLundh avatar Jun 25 '24 13:06 GLundh

@GLundh it's working now using the new backend.

rishabh19sachan avatar Jun 26 '24 05:06 rishabh19sachan