Merge pull request #23915 from apc-kamezaki/feature/handle-error-tech…

…docs-cookie fixed bug the treat as same as no cookie if existing cookie vas invalid.
backstage · Apr 2, 2024 · 89a5b69 · 89a5b69
2 parents 1cbc081 + 7e584d6
commit 89a5b69
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 7 deletions.
diff --git a/.changeset/giant-olives-protect.md b/.changeset/giant-olives-protect.md
@@ -0,0 +1,5 @@
+---
+'@backstage/backend-app-api': patch
+---
+
+Fixed a bug where expired cookies would not be refreshed.
diff --git a/packages/backend-app-api/src/services/implementations/httpAuth/httpAuthServiceFactory.ts b/packages/backend-app-api/src/services/implementations/httpAuth/httpAuthServiceFactory.ts
@@ -235,14 +235,24 @@ class DefaultHttpAuthService implements HttpAuthService {
       return undefined;
     }
 
-    const existingCredentials = await this.#auth.authenticate(existingCookie, {
-      allowLimitedAccess: true,
-    });
-    if (!this.#auth.isPrincipal(existingCredentials, 'user')) {
-      return undefined;
-    }
+    try {
+      const existingCredentials = await this.#auth.authenticate(
+        existingCookie,
+        {
+          allowLimitedAccess: true,
+        },
+      );
+      if (!this.#auth.isPrincipal(existingCredentials, 'user')) {
+        return undefined;
+      }
 
-    return existingCredentials.expiresAt;
+      return existingCredentials.expiresAt;
+    } catch (error) {
+      if (error.name === 'AuthenticationError') {
+        return undefined;
+      }
+      throw error;
+    }
   }
 }