I am using Camunda 8.8 as C8run.exe and springboot starter. Now, I am trying to fetch all user task using below code but throwing “Unauthorised” 401 error.
Any idea? why looking for auth if accessing directly service layer instead of API call?
How to do?
List<UserTask> taskList = this.camundaClient.newUserTaskSearchRequest().send().join().item()
NOTE: I have active user task in camunda tasklist UI
TIA.
The 401 Unauthorized error occurs because your Camunda client needs authentication configuration for the REST API calls. I found the following relevant resources:
Does this help? If not, can anyone from the community jump in? 
Hints: Use the Ask AI feature in Camunda’s documentation to chat with AI and get fast help. Report bugs and features in Camuda’s GitHub issue tracker. Trust the process. 
Hi @yadav1990 ,
The 401 error happens because Camunda 8’s Spring Boot Starter always uses the REST API internally for user task operations (like newUserTaskSearchRequest()), and the REST API requires authentication even though you’re calling the service layer directly. The client doesn’t bypass authentication just because you’re not making a direct HTTP call from your code.
Why authentication is required
| Aspect |
Explanation |
| User task search uses REST |
newUserTaskSearchRequest() calls the Orchestration Cluster REST API (/v2/user-tasks/search), not gRPC |
| Default changed in 8.8 |
Camunda 8.8+ may have authentication enabled by default even in C8Run |
| Client auto-detects auth |
If you set client-id or client-secret, the starter automatically switches to OIDC auth mode |
How to fix it
You need to configure authentication in your application.yaml (or application.properties):
Option 1: Disable authentication (local development only)
camunda:
client:
auth:
method: none
Option 2: Basic auth (C8Run with username/password)
camunda:
client:
auth:
method: basic
username: demo
password: demo
Option 3: OIDC (if C8Run has OIDC enabled)
camunda:
client:
auth:
method: oidc
client-id: your-client-id
client-secret: your-client-secret
token-url: http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/token
audience: zeebe
Option 4: Explicitly set Self-Managed mode
camunda:
client:
mode: self-managed
rest-address: http://localhost:8088
auth:
method: none # or basic/oidc
Quick check
First, check what authentication mode your C8Run is using. Look at the C8Run logs or check if you can access http://localhost:8088/v2/topology without auth in curl. If it works without auth, use Option 1. If it returns 401, you need to configure credentials matching your C8Run setup.
What authentication method is your C8Run configured with (none, basic, or OIDC)?