Debug the frontend app for portal
Debug issues with the frontend app that exposes the portal server.
When you set up the frontend app, you configure several components as follows:
- The frontend app, such as the
dev-portal-starterReact app that Solo provides or the Backstage plug-in.
- A route table to expose the portal server on a host.
- OAuth details to secure access to the frontend app, such as with an OIDC provider like Keycloak or Okta.
Some common issues that you might notice with the frontend app include:
- The app does not show up on the host that you expect.
- The app shows up, but you cannot view certain information, such as APIs or usage plans.
- When you click Login, you are not redirected to your OIDC provider or you see an
Access issueserror message.
- You still cannot view the APIs or usage plans after logging in.
To debug the frontend app:
Verify that the frontend app is healthy. If not, redeploy the starter React app or Backstage plug-in. Common errors include using the wrong portal URL, OAuth client ID, or OAuth endpoints.
kubectl get all -n gloo-mesh-addons -l app=portal-frontend
Describe the route table for the frontend app and verify the following details:
- The status is
Accepted. If not, review the resource for any warnings.
- The route forwards to the correct frontend app in your cluster.
- The route table selects the correct virtual gateway.
- The host matches the URL that the attached virtual gateway is configured to listen on. If the URL is HTTPS, make sure that the gateway listener is configured for HTTPS and that the OAuth endpoints that you used to configure the frontend app also use HTTPS.
kubectl describe routetable -A -l app=portal-frontend
- The status is
In your browser, open the URL of the portal.
Click on a page such as APIs. If you do not see any information, check the visibility settings in your portal.
Click Login. If you are not redirected to your OIDC provider's login page, debug your OAuth settings.
If you can log in, but you still cannot see the API products that you expect, check the following resources:
- Debug your OAuth settings to verify that you are authorized by the correct authorization server. For example, you might have a token validation error in the external auth server logs.
- Check the portal groups for authorization. To access an API, you might have a portal group that requires membership in a certain claim from the access token. Your user might not have this claim returned in the access token. For example, the portal group might require membership in
organization: solo.io. In your OIDC provider such as Okta, however, your user does not have the organization set in the profile. Or, the Okta authorization server might not be configured to return the organization claim in the access token.