🐛 Bug Report: 413 from /api/permission/authorize
📜 Description
We are getting 413 errors from the /api/permission/authorize endpoint when there are a lot of resources to authorize. This is happening in OwnedEntitiesCard as well as in the Q&A plugin. Might also be related to #20188.
👍 Expected behavior
The permission framework should be able to handle more checks
👎 Actual Behavior with Screenshots
👟 Reproduction steps
Don't know. Maybe have a lot of resources to check access for.
📃 Provide the context for the Bug.
No response
🖥️ Your Environment
OS: Darwin 24.3.0 - darwin/arm64
node: v22.9.0
yarn: 4.6.0
cli: 0.29.6 (installed)
backstage: 1.35.1
Dependencies: @backstage/app-defaults 1.5.16 @backstage/backend-app-api 1.1.0, 1.1.1 @backstage/backend-common 0.23.3, 0.25.0 @backstage/backend-defaults 0.5.3, 0.6.2, 0.7.0 @backstage/backend-dev-utils 0.1.5 @backstage/backend-openapi-utils 0.4.0, 0.4.1 @backstage/backend-plugin-api 0.7.0, 1.1.0, 1.1.1 @backstage/backend-test-utils 1.2.0, 1.2.1 @backstage/catalog-client 1.9.0, 1.9.1 @backstage/catalog-model 1.7.2, 1.7.3 @backstage/cli-common 0.1.15 @backstage/cli-node 0.2.11, 0.2.12 @backstage/cli 0.29.6 @backstage/config-loader 1.9.4, 1.9.5 @backstage/config 1.3.1, 1.3.2 @backstage/core-app-api 1.15.3, 1.15.4 @backstage/core-compat-api 0.3.4, 0.3.5 @backstage/core-components 0.14.10, 0.15.1, 0.16.2, 0.16.3 @backstage/core-plugin-api 1.10.2, 1.10.3 @backstage/dev-utils 1.1.6 @backstage/errors 1.2.6, 1.2.7 @backstage/eslint-plugin 0.1.10 @backstage/frontend-app-api 0.10.3, 0.10.4 @backstage/frontend-defaults 0.1.4, 0.1.5 @backstage/frontend-plugin-api 0.9.3, 0.9.4 @backstage/frontend-test-utils 0.2.4, 0.2.5 @backstage/integration-aws-node 0.1.14, 0.1.15 @backstage/integration-react 1.2.2, 1.2.3 @backstage/integration 1.16.0, 1.16.1 @backstage/plugin-api-docs 0.12.3 @backstage/plugin-app-backend 0.4.4 @backstage/plugin-app-node 0.1.29 @backstage/plugin-app 0.1.4, 0.1.5 @backstage/plugin-auth-backend-module-atlassian-provider 0.3.4 @backstage/plugin-auth-backend-module-auth0-provider 0.1.4 @backstage/plugin-auth-backend-module-aws-alb-provider 0.3.2 @backstage/plugin-auth-backend-module-azure-easyauth-provider 0.2.4 @backstage/plugin-auth-backend-module-bitbucket-provider 0.2.4 @backstage/plugin-auth-backend-module-bitbucket-server-provider 0.1.4 @backstage/plugin-auth-backend-module-cloudflare-access-provider 0.3.4 @backstage/plugin-auth-backend-module-gcp-iap-provider 0.3.4 @backstage/plugin-auth-backend-module-github-provider 0.2.4 @backstage/plugin-auth-backend-module-gitlab-provider 0.2.4 @backstage/plugin-auth-backend-module-google-provider 0.2.4 
@backstage/plugin-auth-backend-module-guest-provider 0.2.4 @backstage/plugin-auth-backend-module-microsoft-provider 0.2.4 @backstage/plugin-auth-backend-module-oauth2-provider 0.3.4 @backstage/plugin-auth-backend-module-oauth2-proxy-provider 0.2.4 @backstage/plugin-auth-backend-module-oidc-provider 0.3.4 @backstage/plugin-auth-backend-module-okta-provider 0.1.4 @backstage/plugin-auth-backend-module-onelogin-provider 0.2.4 @backstage/plugin-auth-backend 0.24.2 @backstage/plugin-auth-node 0.4.17, 0.5.5, 0.5.6 @backstage/plugin-auth-react 0.1.11 @backstage/plugin-bitbucket-cloud-common 0.2.27 @backstage/plugin-catalog-backend-module-aws 0.4.7 @backstage/plugin-catalog-backend-module-github-org 0.3.6 @backstage/plugin-catalog-backend-module-github 0.7.9 @backstage/plugin-catalog-backend-module-logs 0.1.6 @backstage/plugin-catalog-backend-module-msgraph 0.6.6 @backstage/plugin-catalog-backend-module-scaffolder-entity-model 0.2.4 @backstage/plugin-catalog-backend-module-unprocessed 0.5.4 @backstage/plugin-catalog-backend 1.30.0 @backstage/plugin-catalog-common 1.1.2, 1.1.3 @backstage/plugin-catalog-graph 0.4.15 @backstage/plugin-catalog-node 1.15.0, 1.15.1 @backstage/plugin-catalog-react 1.15.0, 1.15.1 @backstage/plugin-catalog-unprocessed-entities-common 0.0.7 @backstage/plugin-catalog-unprocessed-entities 0.2.13 @backstage/plugin-catalog 1.26.1 @backstage/plugin-devtools-backend 0.5.1 @backstage/plugin-devtools-common 0.1.15 @backstage/plugin-devtools 0.1.23 @backstage/plugin-events-backend-module-github 0.2.16 @backstage/plugin-events-backend 0.4.0, 0.4.1 @backstage/plugin-events-node 0.4.6, 0.4.7 @backstage/plugin-home-react 0.1.21, 0.1.22 @backstage/plugin-home 0.8.4 @backstage/plugin-kubernetes-common 0.9.2 @backstage/plugin-notifications-backend-module-email 0.3.5 @backstage/plugin-notifications-backend 0.5.1 @backstage/plugin-notifications-common 0.0.8 @backstage/plugin-notifications-node 0.2.11 @backstage/plugin-notifications 0.5.1 @backstage/plugin-org 0.6.35 
@backstage/plugin-permission-backend 0.5.53 @backstage/plugin-permission-common 0.8.3, 0.8.4 @backstage/plugin-permission-node 0.8.6, 0.8.7 @backstage/plugin-permission-react 0.4.29, 0.4.30 @backstage/plugin-proxy-backend 0.5.10 @backstage/plugin-proxy-node 0.1.0 @backstage/plugin-scaffolder-backend-module-azure 0.2.5 @backstage/plugin-scaffolder-backend-module-bitbucket-cloud 0.2.5 @backstage/plugin-scaffolder-backend-module-bitbucket-server 0.2.5 @backstage/plugin-scaffolder-backend-module-bitbucket 0.3.6 @backstage/plugin-scaffolder-backend-module-confluence-to-markdown 0.3.5 @backstage/plugin-scaffolder-backend-module-cookiecutter 0.3.6 @backstage/plugin-scaffolder-backend-module-gerrit 0.2.5 @backstage/plugin-scaffolder-backend-module-gitea 0.2.5 @backstage/plugin-scaffolder-backend-module-github 0.5.5 @backstage/plugin-scaffolder-backend-module-gitlab 0.7.1 @backstage/plugin-scaffolder-backend-module-notifications 0.1.6 @backstage/plugin-scaffolder-backend 1.29.0 @backstage/plugin-scaffolder-common 1.5.8, 1.5.9 @backstage/plugin-scaffolder-node-test-utils 0.1.18 @backstage/plugin-scaffolder-node 0.5.0, 0.6.3 @backstage/plugin-scaffolder-react 1.14.2, 1.14.4 @backstage/plugin-scaffolder 1.27.5 @backstage/plugin-search-backend-module-catalog 0.3.0 @backstage/plugin-search-backend-module-elasticsearch 1.6.4 @backstage/plugin-search-backend-module-techdocs 0.3.5 @backstage/plugin-search-backend-node 1.3.6, 1.3.7 @backstage/plugin-search-backend 1.8.1 @backstage/plugin-search-common 1.2.16, 1.2.17 @backstage/plugin-search-react 1.8.4, 1.8.5 @backstage/plugin-search 1.4.22 @backstage/plugin-signals-backend 0.3.0 @backstage/plugin-signals-node 0.1.15, 0.1.16 @backstage/plugin-signals-react 0.0.8, 0.0.9 @backstage/plugin-signals 0.0.15 @backstage/plugin-techdocs-backend 1.11.5 @backstage/plugin-techdocs-common 0.1.0 @backstage/plugin-techdocs-node 1.12.16 @backstage/plugin-techdocs-react 1.2.13 @backstage/plugin-techdocs 1.12.2 @backstage/plugin-user-settings-backend 
0.2.29 @backstage/plugin-user-settings-common 0.0.1 @backstage/plugin-user-settings 0.8.18 @backstage/release-manifests 0.0.12 @backstage/test-utils 1.7.3, 1.7.4 @backstage/theme 0.5.7, 0.6.3 @backstage/types 1.2.0, 1.2.1 @backstage/version-bridge 1.0.10
👀 Have you spent some time to check if this bug has been raised before?
- [x] I checked and didn't find similar issue
🏢 Have you read the Code of Conduct?
- [x] I have read the Code of Conduct
Are you willing to submit PR?
None
Do you know where the request is originating from? Can't find any OwnedEntitiesCard.
These are coming from the Q&A plugin but it's also failing in the Homepage when fetching the entities for the card. After some digging, it might be that this is actually a duplicate of #20188 as the user who sees this has 94 groups in the token.
I think it's a duplicate of https://github.com/backstage/backstage/issues/23303 Can you point me to the code of the card?
@vinzscam oh yeah, forgot about that issue. I think they have all the same root cause. Not sure, but this might help: https://github.com/backstage/backstage/pull/28837
I will try to reproduce this with the user who has this issue and find the trace of the card issue.
My guess is that the card is attempting to authorize too many permissions at the same time.
@vinzscam yeah that might indeed be the case, same as with the search results.
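Added example, not part of the thread and not Backstage's own code or the fix in any linked PR: one way a caller could keep each authorize request body under a size limit and treat any check that was not answered (for instance because of a 413) as denied. The item shape, the `send` transport, the function names and the byte limit are assumptions made for illustration.

```typescript
// Added example; the request shape, names and limit are assumptions, not Backstage code.
type Result = 'ALLOW' | 'DENY';
interface AuthorizeItem { id: string; permission: { name: string }; resourceRef?: string }
interface AuthorizeReply { status: number; items: { id: string; result: Result }[] }
type Send = (body: string) => Promise<AuthorizeReply>; // hypothetical transport
const byteLength = (value: unknown): number =>
  new TextEncoder().encode(JSON.stringify(value)).length;

// Split items so every serialized {"items":[...]} body stays within maxBytes.
function chunkByBodySize(items: AuthorizeItem[], maxBytes: number): AuthorizeItem[][] {
  const overhead = byteLength({ items: [] });
  const batches: AuthorizeItem[][] = [];
  let current: AuthorizeItem[] = [];
  let size = overhead;
  for (const item of items) {
    const itemSize = byteLength(item) + 1; // +1 for the comma separator
    if (overhead + itemSize > maxBytes) {
      throw new Error(`item ${item.id} does not fit in ${maxBytes} bytes`);
    }
    if (size + itemSize > maxBytes) {
      batches.push(current);
      current = [];
      size = overhead;
    }
    current.push(item);
    size += itemSize;
  }
  if (current.length > 0) batches.push(current);
  return batches;
}

// Send each batch; any check without an explicit answer (e.g. after a 413) stays DENY.
async function authorizeInBatches(
  items: AuthorizeItem[], maxBytes: number, send: Send,
): Promise<Map<string, Result>> {
  const decisions = new Map<string, Result>();
  for (const item of items) decisions.set(item.id, 'DENY');
  for (const batch of chunkByBodySize(items, maxBytes)) {
    const reply = await send(JSON.stringify({ items: batch }));
    if (reply.status !== 200) continue;
    for (const { id, result } of reply.items) if (decisions.has(id)) decisions.set(id, result);
  }
  return decisions;
}

// Constructed sample input: 300 checks against made-up entity refs.
const sampleItems: AuthorizeItem[] = Array.from({ length: 300 }, (_, i) => (
  { id: `req-${i}`, permission: { name: 'catalog.entity.read' }, resourceRef: `component:default/service-${i}` }));
```

The size estimate counts one comma per item, so it slightly overestimates and never produces a body larger than `maxBytes`.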
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Not stale
I guess #29552 should help fix this issue.