API Portal returns generic error instead of redirecting to web login

[gbarbon]

The API Portal is returning a generic “Something went wrong“ (see the image below) error instead of redirecting to the login page when the endpoints are protected and the user is not logged in.

This is due to the https://[redacted part]/documentations/api-portal/api/openapi/v3/json answering with a 401 error. I would expect the login page to be loaded instead.

When logged in, the API Portal works correctly. I suspect this is a configuration issue, but I don't know what I'm missing.

[fredmaggiowski]

Hi, how can the API Portal redirect you to a login page? It does not know whether you are using a login page or not or where it is served 🤔

[davidebianchi]

Hi @gbarbon, if you want to expose the API Portal to invoke API under authentication, you should setup it under a login page before the portal. Or leave the user insert the authentication headers.

[gbarbon]

You're both right. The description of the problem I have written is a bit misleading. This is not actually an API Portal issue, but it's more related to the API Gateway I guess. The redirect should be carried by the API Gateway, but it's not happening as intended. Just to give some more context, in the same project there is the Backoffice that has the redirect correctly working when the user is not authenticated.

[gbarbon]

Btw I also tried your configuration, and the api-gateway container is restarting with the following error:

2022/10/12 07:29:00 [emerg] 1#1: duplicate location "/error401.html" in /etc/nginx/customization.d/default-error-page.conf:21
nginx: [emerg] duplicate location "/error401.html" in /etc/nginx/customization.d/default-error-page.conf:21

[fredmaggiowski]

The location should already be available on the main nginx upstream so you might not need to specify it

[gbarbon]

@fredmaggiowski you mean this part location /error401.html? What should I write instead? I think that I still need the part where the 302 is returned.

[gbarbon]

I've checked with @fredmaggiowski , there was an error in my configuration: in the GET /documentations/api-portal/ route of the /documentations/api-portal endpoint, the "All routes access security" check was not marked as inherited (an the authentication was not required). Because of that, the API Portal was not redirecting the user to the login page, believing the user as authenticated, even if he was not. Thanks @fredmaggiowski !

[fredmaggiowski]

You're welcome