[scaffolder-backend-module-http-request] - added credentials prop sup…

[goququ]

…port

Hi team, more information about this changes here

:heavy_check_mark: Checklist

• [ ] Added tests for new functionality and regression tests for bug fixes
• [ ] Added changeset (run yarn changeset in the root)
• [ ] Screenshots of before and after attached (for UI changes)
• [ ] Added or updated documentation (if applicable)

[roadie-bot]

https://app.shortcut.com/larder/story/10468

[shortcut-integration[bot]]

This pull request has been linked to Shortcut Story #10468: [scaffolder-backend-module-http-request] - added credentials prop sup….

[punkle]

@goququ can I ask why you wouldnt configure the backstage proxy to provide the credentials? This change seems unusual, because these credentials will be presented to the backstage proxy backend which is designed to provide auth to the target service.

[goququ]

@punkle thank you for the question. May be I missed something, but when I try to do request to the backstage catalog api I don't use proxy. Isn't it?

[punkle]

Yes that is true. You can use this to call any api on the backstage backend. The user's backstage token is provided to the backstage backend by this scaffolder action already. https://github.com/RoadieHQ/roadie-backstage-plugins/blob/main/plugins/scaffolder-actions/scaffolder-backend-module-http-request/src/actions/run/backstageRequest.ts#L141

So in theory the catalog backend should be honouring this token and using it to identify the user who triggered the scaffolder task to start.

For example here on the catalog backend, it is using the authorization token to identify the user https://github.com/backstage/backstage/blob/master/plugins/catalog-backend/src/service/createRouter.ts#L205

[punkle]

@goququ were you able to consider my question?

[kissmikijr]

@goququ I'll close this to keep things clean. When you'll have some time again to pick this up feel free to reopen this one!