Expected bearer token at header with key - Zeebe

Mert_Mahanoglu · April 26, 2024, 9:10am

Hi,

I installed Camunda 8 as Self-Managed. I am using Ingress to access Camunda services. All applications are working perfectly except zeebe. My all pods are running and ready state and I can access them with http://camunda.local/[modeler/tasklist/operate].

When I check health status of my applications from Camunda Console, it is looking all good.

However, when I try to deploy my BPMN process, I am getting error.

When I check Camunda Modeler logs, I found an error like down below:

Error: 16 UNAUTHENTICATED: Expected bearer token at header with key [authorization], but found nothing
    at callErrorFromStatus (C:\Users\Mert\Downloads\camunda-modeler-5.22.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\call.js:31:19)
    at Object.onReceiveStatus (C:\Users\Mert\Downloads\camunda-modeler-5.22.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\client.js:192:76)
    at C:\Users\Mert\Downloads\camunda-modeler-5.22.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\call-interface.js:78:35
    at Object.onReceiveStatus (C:\Users\Mert\Downloads\camunda-modeler-5.22.0-win-x64\resources\app.asar\node_modules\zeebe-node\dist\lib\GrpcClient.js:97:36)
    at InterceptingListenerImpl.onReceiveStatus (C:\Users\Mert\Downloads\camunda-modeler-5.22.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\call-interface.js:73:23)
    at Object.onReceiveStatus (C:\Users\Mert\Downloads\camunda-modeler-5.22.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\client-interceptors.js:360:141)
    at Object.onReceiveStatus (C:\Users\Mert\Downloads\camunda-modeler-5.22.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\client-interceptors.js:323:181)
    at C:\Users\Mert\Downloads\camunda-modeler-5.22.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\resolving-call.js:99:78
    at process.processTicksAndRejections (node:internal/process/task_queues:77:11)
for call at
    at ServiceClientImpl.makeUnaryRequest (C:\Users\Mert\Downloads\camunda-modeler-5.22.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\client.js:160:32)
    at ServiceClientImpl.<anonymous> (C:\Users\Mert\Downloads\camunda-modeler-5.22.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\make-client.js:105:19)
    at C:\Users\Mert\Downloads\camunda-modeler-5.22.0-win-x64\resources\app.asar\node_modules\zeebe-node\dist\lib\GrpcClient.js:272:47 {
  code: 16,
  details: 'Expected bearer token at header with key [authorization], but found nothing',
  metadata: Metadata {
    internalRepr: Map(3) {
      'date' => [Array],
      'content-type' => [Array],
      'content-length' => [Array]
    },
    options: {}
  }
}

My config file is down below.

camunda-values.yaml (2.5 KB)

Thanks for any help.

Mert_Mahanoglu · April 26, 2024, 11:12am

Extra information :

When I disable identity like down below, zeebe works perfectly. Other applications(console, modeler) not working as expected.

global:
  ingress:
    enabled: true
    className: nginx
    host: "camunda.local"
    tls:
      enabled: true
      secretName: "tls-secret"
  identity:
    auth:
      # Disable Identity authentication for local development
      # it will fall back to basic-auth: demo/demo as default user
      enabled: false

# Disable Identity for local development
identity:
  enabled: false

nathan.loding · April 26, 2024, 5:26pm

Hi @Mert_Mahanoglu - with Identity enabled, you need to authenticate before you can deploy any resources, including from Modeler. In your Modeler screenshot, you should have the “OAuth” option selected and filled out.

Mert_Mahanoglu · April 26, 2024, 6:01pm

Hi @nathan.loding,

Thank you for your answer. I have Camunda Console but I don’t have option to create cluster. So, I don’t have client ID, OAuth audience etc. Is there a way to generate these informations?

I appreciate for your help.

nathan.loding · April 26, 2024, 6:31pm

@Mert_Mahanoglu - in Self Managed, API credentials are managed through Identity.

Mert_Mahanoglu · April 27, 2024, 4:07am

Thank you for your help @nathan.loding.

My identity page goes blank after login but I will create new topic for that problem.

EDIT: After adding self-signed localhost certificate to Trusted root CA, blank page problem is solved.

system · May 4, 2024, 4:07am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.