Debug the frontend app for portal

Debug issues with the frontend app that exposes the portal server.

When you set up the frontend app, you configure several components as follows:

Some common issues that you might notice with the frontend app include:

To debug the frontend app:

  1. Verify that the frontend app is healthy. If not, redeploy the starter React app or Backstage plug-in. Common errors include using the wrong portal URL, OAuth client ID, or OAuth endpoints.

    kubectl get all -n gloo-mesh-addons -l app=portal-frontend
  2. Describe the route table for the frontend app and verify the following details:

    • The status is Accepted. If not, review the resource for any warnings.
    • The route forwards to the correct frontend app in your cluster.
    • The route table selects the correct virtual gateway.
    • The host matches the URL that the attached virtual gateway is configured to listen on. If the URL is HTTPS, make sure that the gateway listener is configured for HTTPS and that the OAuth endpoints that you used to configure the frontend app also use HTTPS.
    kubectl describe routetable -A -l app=portal-frontend
  3. In your browser, open the URL of the portal.

  4. Click on a page such as APIs. If you do not see any information, check the visibility settings in your portal.

  5. Click Login. If you are not redirected to your OIDC provider's login page, debug your OAuth settings.

  6. If you can log in, but you still cannot see the API products that you expect, check the following resources:

    • Debug your OAuth settings to verify that you are authorized by the correct authorization server. For example, you might have a token validation error in the external auth server logs.
    • Check the portal groups for authorization. To access an API, you might have a portal group that requires membership in a certain claim from the access token. Your user might not have this claim returned in the access token. For example, the portal group might require membership in organization: In your OIDC provider such as Okta, however, your user does not have the organization set in the profile. Or, the Okta authorization server might not be configured to return the organization claim in the access token.