I can use the client to perform authenticated requests #503
Comments
Sounds a bit harsh. It is for SaaS former called Camunda Cloud so it is expected that it doesn't work with a community project which have been created separately and later than the provider. Do you know whether it works with other clients ? Are they supporting this ? |
|
Yeah, sorry for the wording.. The Zeebe Client meant to work with a self-managed instance of Camunda 8 does not require authentication by default as it is no feature of Camunda 8 right now. However, there are mechanisms beside the mentioned community project to secure a Zeebe Gateway using OAuth2 with Keycloak for example (similar to Camunda Cloud/Camunda Platform Saas). It would be nice to have a default implementation which is configurable, retrieves a token from Keycloak and uses it to authenticate the request. I am not aware of this feature for other clients but I guess the AccessTokenSupplier is a good extension point for this community project. |
|
We are facing a similar problem. We authenticate directly with our self-hosted Keycloak, but the authentication request fails because the Zeebe Client sends the request to the authentication server as JSON. However, the OAuth2 Token Endpoint is expecting "application/x-www-form-urlencoded" data, as defined in RFC 6749 Section 3.2. |
|
Thanks @LennartKleymann for reporting I can see when I find time to add such |
|
I created a PR for this problem. |
Is your feature request related to a problem? Please describe.
We are using the Zeebe Keycloak Interceptor to authenticate requests against Zeebe. Therefore, the CamundaCloudTokenProvider is useless.
Describe the solution you'd like
We would like to have a AccessTokenSupplier for Camunda 8 Self-Managed using the above mentioned interceptor.
Describe alternatives you've considered
Additional context
The text was updated successfully, but these errors were encountered: