Camunda community rest client api bearer token

Hello,

I want to make a REST call from my application to camunda engine via org.camunda.community.rest.client.api.ProcessDefinitionApi to start the process. Camunda engine REST api is secured by Keycloak and when i try to start the process by

processDefinitionApi.startProcessInstanceByKey(
  "process_key,
  new StartProcessInstanceDto().businessKey("businessKey)
);

I get the following error

org.camunda.community.rest.client.invoker.ApiException: java.net.ProtocolException: Too many follow-up requests: 21
	at org.camunda.community.rest.client.invoker.ApiClient.execute(ApiClient.java:913)
	at org.camunda.community.rest.client.api.ProcessDefinitionApi.startProcessInstanceByKeyWithHttpInfo(ProcessDefinitionApi.java:5050)
	at org.camunda.community.rest.client.api.ProcessDefinitionApi.startProcessInstanceByKey(ProcessDefinitionApi.java:5028)

which IMO represents redirects to the keycloak server. Thus, my question is: How to add Authorization header to the org.camunda.community.rest.client.api.ProcessDefinitionApi or where should i put a proper interceptor?

Adam

Hello @olszewskia ,

when initializing the Api object, it requires a object of the class org.camunda.community.rest.client.invoker.ApiClient.

For spring-boot, the ApiClient is created here:

If you need to extend it, please override this bean by using the @Primary annotation on your own bean.

I hope this helps

Jonathan

2 Likes

Hello again @jonathan.lukas :slight_smile:

You’re 100% right, thank you again.

To make it work, I had to exclude CamundaOpenApiStarter from the application like this

@SpringBootApplication(exclude = {CamundaOpenApiStarter.class})

Then i had to add my own implementation with the required interceptors, i.e.,

@Configuration
public class CamundaOpenApiConfiguration {

    @Value("${camunda.bpm.client.base-url:null}")
    private String basePath;

    @Bean
    public ApiClient createApiClient() {
        final var client = new ApiClient(initHttpClient());
        if (basePath != null) {
            client.setBasePath(basePath);
        }
        return client;
    }


    private OkHttpClient initHttpClient() {
        return new OkHttpClient.Builder()
            .addNetworkInterceptor(getProgressInterceptor())
            .addNetworkInterceptor(getTokenInterceptor())
            .build();
    }

    private Interceptor getProgressInterceptor() {
        return (Interceptor.Chain chain) -> {
            final var request = chain.request();
            final var originalResponse = chain.proceed(request);
            if (request.tag() instanceof final ApiCallback callback) {
                return originalResponse.newBuilder()
                    .body(new ProgressResponseBody(originalResponse.body(), callback))
                    .build();
            }
            return originalResponse;
        };
    }

    private Interceptor getTokenInterceptor() {
        return (Interceptor.Chain chain) -> {
            final var request = chain.request().newBuilder()
                .addHeader("Authorization", "Bearer myToken");
            return chain.proceed(request);
        };
    }
}

Thus, it solved my problem with the keycloak redirects.

Adam

2 Likes