Api gateway returns 400 error related to authentication token but the backend returned 301

[martinsanchezpearltech]

Environment info:

• KrakenD version: 3
• Backend technology: .net
• Additional environment information:

Describe the bug
1.- We receive a call on krakend
2.- There we validate the token comming from the UI
3.- We generate a client credentials token to call the backend
4.- Backend returns 301 with a url that works on the browser
5.- krakend returns 400 bad request with the below error:


InvalidAuthenticationInfo
Authentication information is not given in the correct format. Check the value of Authorization header.
RequestId:09ba3e43-f01e-0058-51b7-c1e59e000000
Time:2024-06-18T19:38:03.8875498Z

Your configuration file:

  "version": 3,
  "name": "Invoicing-mx-api-gtw",
  "timeout": "10000ms",
  "cache_ttl": "300s",    
  "port": 8080,    
  "debug_endpoint": true,
  "client_tls": {
    "allow_insecure_connections": true
  },
  "endpoints": [
  {
         "endpoint":"/document/api/v1/Files/{param1}/{param2}/preview",
         "method":"GET",
         "output_encoding":"no-op",
         "input_headers":["*"],
         "input_query_strings":["*"],
         "backend":[
            {
               "encoding": "no-op",
               "url_pattern":"/api/v1/Files/{param1}/",
               "host":["somehost"],
                "extra_config":{
                  "auth/client-credentials": {
                        "client_id":  "someclientid",
                        "client_secret": "somesecret",
                        "token_url": "sometokenurl",
                        "scopes": "somescope"
                    },
                    "modifier/martian": {
                      "fifo.Group": {
                        "scope": ["response"],
                        "modifiers": [
                          {
                            "header.Blacklist": {
                              "scope": ["response"],
                              "names": ["access-control-allow-origin"]
                            }
                          }
                        ]
                    }
				  }
               }
            }
         ],
         "extra_config":{
            "auth/validator":{
               "alg":"RS256",
               "cache":true,
               "jwk_url":"https://login.microsoftonline.com/common/discovery/keys",
               "issuer": "some issuer",
               "audience":[ "some audience" ],
               "roles_key": "roles",
               "roles":  ["some role"],
               "scopes_key": "some scope key",
               "scopes":["some scope],
               "operation_debug": true
            }
         }
      }

  ],
  "extra_config": {
    "telemetry/logging": {
      "level": "DEBUG",
      "prefix": "[KRAKEND]",
      "syslog": true,
      "stdout": true,
      "format": "default"
      },
      "security/cors": {
      "allow_origins": ["*"],
      "allow_methods": ["PUT","GET","POST","OPTIONS","DELETE","PATCH"],
      "allow_headers": ["DNT","Accept","Accept-Language","Connection","Referer","X-CustomHeader","Sec-Fetch-Dest","Sec-Fetch-Mode","Sec-Fetch-Site","sec-ch-ua","sec-ch-ua-platform","sec-ch-ua-mobile","Keep-Alive","User-Agent","X-Requested-With","If-Modified-Since","Cache-Control","Content-Type","Authorization","x-requested-with","x-signalr-user-agent","etag","x-connection-id","x-api-key","User-DateTime","User-TimeZone"],
      "expose_headers": ["Content-Length","Content-Type"],            
      "max_age": "60m",
      "allow_credentials": true,
      "debug": true
    },
    "router": {
      "return_error_msg":true,
      "disable_redirect_fixed_path":true,
      "auto_options": true,
      "error_body": {
        "404": {
          "message": "Gtw: Page not found",
          "status": 404
        },
        "405": {
          "message": "Gtw: Method not allowed",
          "status": 405
        }
      }
    }
  }
}

Commands used
How did you start the software?

docker buildx build --progress=plain --no-cache -f "my docker file " -t gatewayname:v "source folder"

Expected behavior
I think krakend is trying to validate the token again after the redirect response but as we generated a different token to call backend now it has different information than the one validated, I would like to skip this second token validation for the redirect responses

Logs
2024-06-18 13:37:59 2024/06/18 19:37:59 KRAKEND DEBUG: [CORS] 2024/06/18 19:37:59 Handler: Actual request
2024-06-18 13:37:59
2024-06-18 13:37:59 2024/06/18 19:37:59 KRAKEND DEBUG: [CORS] 2024/06/18 19:37:59 Actual response added headers: map[Access-Control-Allow-Credentials:[true] Access-Control-Allow-Origin:[*] Access-Control-Expose-Headers:[Content-Length, Content-Type] Vary:[Origin]]
2024-06-18 13:37:59
2024-06-18 13:38:04 [GIN] 2024/06/18 - 19:38:04 | 400 | 4.783303462s | 172.17.0.1 | GET "/my url"

Additional context
the error is not so clear I har to run everuthyng on my local host to be able to see what was happening