I am getting a new behavior that after a good auth session backstage with a hard refresh goes back through auth again as if I had logged out.

The console error shows a 401 to this route:
/api/auth/microsoft/refresh?optional&env=development

The environment is not development it is our staging environment and I am curious if this behavior is due to our app-copnfig.yaml file containing:

auth:

see https://backstage.io/docs/auth/ to learn about auth providers

environment: development
providers:
microsoft:
development:

We have one app-config.yaml that we transform the contents via env vars at runtime. I wasn't sure if that mattered at all since the what should matter is:
development:
clientId: ${AUTH_MICROSOFT_CLIENT_ID}
clientSecret: ${AUTH_MICROSOFT_CLIENT_SECRET}
tenantId: ${AUTH_MICROSOFT_TENANT_ID}

@abstract matrix any reaction to this?

I don't really understand what you are doing and why. Some steps to reproduce could help me understand better, please.

@abstract matrix steps to reproduce:
open backstage app in chrome (our internal url), Azure auth happens.
Browse to components (catalog)
Refresh the browser - Auth provider popup appears and goes through auth process again

In browser console there is a persistent 401 error, even though the end user can access everything in backstage

Thanks, will try this. In the mean time what version of Backstage are you on?

1.17.0

Ok, just tried this in dev, stage, and prod where we are on 1.18.0-next.2 and no issues, nothing in the console, everything works fine

Sorry, I know that's not super helpful but at least you know it's working for others.

@abstract matrix thanks for checking, I think it might be a caching issue

@abstract matrix I am also getting an odd error in our staging environment where the dry run is returning a 400, I have double checked our GitHub app settings and it all looks good.

{
"error": {
"name": "InputError",
"message": "Error: Unable to read url, HttpError: fetch failed"
},
"request": {
"method": "POST",
"url": "/locations?dryRun=true"
},
"response": {
"statusCode": 400
}
}

No idea, not something I’ve used.

@abstract matrix this error occurs when I click analyze on importing a component it looks like the request is missing the baseURL

Ok, that's also not something we use so not going to be terribly helpful

the Hi @mortal yoke , Do you find a solution for refresh token issue, I faced same issue on backstage 1.17.5 and configured auth correctly, but just refresh caused errors, so appreciate your response if you find a solution

It ended up being a browser cache issue for me. Once I cleared everything and signed back in that behavior stopped.

I'm experiencing the same issue with pingfed Auth. On refresh I'm returned to the login page with a 401 error in the network tab.

Was there any other solution?

@velvet finch I think that you will need to enable the offline_access or offline scope to the auth provider.

https://github.com/backstage/backstage/issues/17724

Has some examples for Azure auth