I wanted to add Google OAuth2 authentication to the Spring Boot version of Camunda, which I started by using the camunda-archetype-spring-boot archetype, so I found this repository that gave me enough information on how to do so: https://github.com/OKaluzny/spring-boot-security-oauth2-google
It worked like a charm! I was able to access my controllers and Camunda’s apps only once the user is authenticated with Google.
But then I noticed a problem on the Tasklist, which I intend the system’s users to use from time to time: there is an XHR POST request failing because of a missing CSRF token.
The message I’m getting on the response is the generic one from Spring:
“Invalid CSRF Token ‘null’ was found on the request parameter ‘_csrf’ or header ‘X-XSRF-TOKEN’.”
Which led me to think that my inclusion of Google’s OAuth2 might have broken something. But today, while doing some more analysis, I found that the Cockpit does a similar call (or at least that is what I can tell with my limited knowledge of Camunda’s implementation) but already provides the X-XSRF-TOKEN and makes the app work fine.
So now I’m wondering if this is an issue in the Tasklist implementation, which should be fixed once the request gets the X-XSRF-TOKEN header added. Can someone help me determine that?
Here is an image that should help understand what I mean
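Added example, not part of the original post and not Camunda or Spring code: a simplified JavaScript model of the check behind the error message quoted above, run over a constructed request capture to show which state-changing requests would be rejected. It assumes a cookie-based token named XSRF-TOKEN; the URLs and token value are made up.

```javascript
// Simplified model of a cookie-based CSRF check (assumed names: cookie
// "XSRF-TOKEN", header "X-XSRF-TOKEN", request parameter "_csrf").
const SAFE_METHODS = new Set(["GET", "HEAD", "TRACE", "OPTIONS"]);

function parseCookies(cookieHeader = "") {
  const jar = {};
  for (const part of cookieHeader.split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) jar[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return jar;
}

// Returns { ok, reason } for one captured request record.
function checkCsrf(req) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) {
    return { ok: true, reason: "safe method, not checked" };
  }
  // Header names are case-insensitive, so normalise them first.
  const headers = {};
  for (const [name, value] of Object.entries(req.headers || {})) {
    headers[name.toLowerCase()] = value;
  }
  const expected = parseCookies(headers["cookie"])["XSRF-TOKEN"];
  // The header is consulted first, then the request parameter.
  const actual = headers["x-xsrf-token"] ?? (req.params || {})["_csrf"] ?? null;
  if (!expected) return { ok: false, reason: "no XSRF-TOKEN cookie sent" };
  if (actual === null) return { ok: false, reason: "cookie sent, but no header or _csrf parameter" };
  if (actual !== expected) return { ok: false, reason: "token does not match cookie" };
  return { ok: true, reason: "token matches cookie" };
}

// Lists the requests in a capture that the check would reject.
function auditCapture(requests) {
  return requests
    .map((req) => ({ method: req.method, url: req.url, ...checkCsrf(req) }))
    .filter((result) => !result.ok);
}

// Constructed sample capture (hypothetical URLs and token value).
const sampleCapture = [
  { method: "GET", url: "/example/page", headers: { Cookie: "XSRF-TOKEN=tok123" } },
  { method: "POST", url: "/example/call-with-header",
    headers: { Cookie: "JSESSIONID=abc; XSRF-TOKEN=tok123", "X-XSRF-TOKEN": "tok123" } },
  { method: "POST", url: "/example/call-without-header",
    headers: { Cookie: "JSESSIONID=abc; XSRF-TOKEN=tok123" } },
];
console.log(auditCapture(sampleCapture));
```

Feeding it the method, URL, headers and parameters of the failing and the working request from the browser's network tab shows whether the only difference is the missing header.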