Connect to "self hosted" camunda WITH oauth

I am trying to evaluate camunde. I am running the system on a self-hosted kubernetes cluster. the application is deployed via helm chart. (whith minimal changes). All important ports are forwarded from MY local PC to the camunda processes. I know that everything is operational as i am able to deploy and run processes via the modeler (on my local pc) via these settings:

image292×656 7.61 KB

BUT i have problem to get the Spring-Boot-Email-Example to run. (connection to zeebe)
In the documentation is mentioned to do it like this

zeebe.client.broker.gatewayAddress=127.0.0.1:26500
zeebe.client.security.plaintext=true

but of course it does not work because oauth is not configured and the server “misses” the bearer token

So … there does not seem to be a “documented” way to pass the authorization information via application .properties/yaml for the self hosted camunda.

I am willing to overwrite some Beans to pass my own OAuthCredentialsProvider into the system. but i did not found the “hook” to do it for the Spring-example (which uses a ZeebeClientLifecycle instead of a plain ZeebeClient).

Thank you for any hints

Hi @ollig, welcome to the forums! The Zeebe Java script (which is what spring-zeebe is a wrapper around) supports OAuth. You can find an example authenticating with OAuth in our documentation here: Java client | Camunda Platform 8 Docs

This application.properties worked for me:

zeebe.client.broker.gateway-address=XXX.X.X.X:26500
zeebe.client.security.plaintext=true
zeebe.client.connection-mode=ADDRESS

# change below to your keycloak url
zeebe.client.cloud.auth-url=http://XXX.X.X.X:8006/auth/realms/openid-connect/token
zeebe.client.cloud.client-id=[your client id]
zeebe.client.cloud.client-secret=[your secret]

It is very deceiving that the properties are prefixed zeebe.client.cloud but are used for self hosted