Expected valid client id but none was provided

Rabeb_Abid · May 12, 2025, 1:28pm

i.c.z.client.impl.ZeebeCallCredentials : The request’s security level does not guarantee that the credentials will be confidential.

i use self-managed without indentity et authentication . camunda 8.7
application.yml :

camunda:
  client:
    mode: self-managed
    auth:
      path: /api/login
      username: demo
      password: demo
    zeebe:
      enabled: true
      prefer-rest-over-grpc: false
      audience: zeebe-api
      execution-threads: 5
      defaults:
        stream-enabled: false
      grpc-address: http://localhost:26500
      rest-address: http://localhost:5088

## Image versions ##
# renovate: datasource=docker depName=camunda/connectors-bundle
CAMUNDA_CONNECTORS_VERSION=8.7.0
# renovate: datasource=docker depName=camunda/zeebe
CAMUNDA_ZEEBE_VERSION=8.7.1
# renovate: datasource=docker depName=camunda/identity
CAMUNDA_IDENTITY_VERSION=8.7.0
# renovate: datasource=docker depName=camunda/operate
CAMUNDA_OPERATE_VERSION=8.7.1
# renovate: datasource=docker depName=camunda/tasklist
CAMUNDA_TASKLIST_VERSION=8.7.1
# renovate: datasource=docker depName=camunda/optimize
CAMUNDA_OPTIMIZE_VERSION=8.7.0
# renovate: datasource=docker depName=camunda/web-modeler-restapi
CAMUNDA_WEB_MODELER_VERSION=8.7.0
# renovate: datasource=docker depName=elasticsearch
ELASTIC_VERSION=8.17.5
KEYCLOAK_SERVER_VERSION=24.0.5
# renovate: datasource=docker depName=axllent/mailpit
MAILPIT_VERSION=v1.21.8
POSTGRES_VERSION=14.5-alpine
HOST=localhost
KEYCLOAK_HOST=localhost

## Configuration ##
# By default the zeebe api is public, when setting this to `identity` a valid zeebe client token is required
ZEEBE_AUTHENTICATION_MODE=none
ZEEBE_CLIENT_ID=zeebe
ZEEBE_CLIENT_SECRET=zecret

# Set to 'true' to enable resource based authorizations for users and groups
# This can be used to limit access for users or groups to view/update specific
# processes and decisions in Operate and Tasklist
RESOURCE_AUTHORIZATIONS_ENABLED=false

# Set to 'true' to enable multi-tenancy across all components
# This requires use of identity for authentication
#
#  ZEEBE_AUTHENTICATION_MODE=identity
#
MULTI_TENANCY_ENABLED=false

# Document store credentials
# DOCUMENT_DEFAULT_STORE_ID=...
# AWS_ACCESS_KEY_ID=...
# AWS_SECRET_ACCESS_KEY=...
# AWS_REGION=..
# DOCUMENT_STORE_AWS_BUCKET=...
# DOCUMENT_STORE_AWS_BUCKET_PATH=...
# DOCUMENT_STORE_AWS_CLASS=...

2025-05-12T14:21:38.520+01:00 WARN 19804 — [core] [ task-3] i.c.z.client.impl.ZeebeCallCredentials : The request’s security level does not guarantee that the credentials will be confidential.
2025-05-12T14:21:38.521+01:00 WARN 19804 — [core] [ task-9] i.c.z.client.impl.ZeebeCallCredentials : The request’s security level does not guarantee that the credentials will be confidential.
2025-05-12T14:21:38.521+01:00 WARN 19804 — [core] [ task-6] i.c.z.client.impl.ZeebeCallCredentials : The request’s security level does not guarantee that the credentials will be confidential.
2025-05-12T14:21:38.522+01:00 WARN 19804 — [core] [ task-1] i.c.z.client.impl.ZeebeCallCredentials : The request’s security level does not guarantee that the credentials will be confidential.
2025-05-12T14:21:38.522+01:00 WARN 19804 — [core] [ task-9] i.c.z.client.impl.ZeebeCallCredentials : The request’s security level does not guarantee that the credentials will be confidential.

main] z.s.c.c.CredentialsProviderConfiguration : Failed to configure credential provider

java.lang.IllegalArgumentException: java.lang.NullPointerException: Expected valid client id but none was provided.
at io.camunda.zeebe.client.impl.oauth.OAuthCredentialsProviderBuilder.validate(OAuthCredentialsProviderBuilder.java:261) ~[zeebe-client-java-8.7.1.jar:8.7.1]
at io.camunda.zeebe.client.impl.oauth.OAuthCredentialsProviderBuilder.build(OAuthCredentialsProviderBuilder.java:175) ~[zeebe-client-java-8.7.1.jar:8.7.1]
at io.camunda.zeebe.spring.client.configuration.CredentialsProviderConfiguration.camundaClientCredentialsProvider(CredentialsProviderConfiguration.java:57) ~[spring-boot-starter-camunda-sdk-8.7.1.jar:8.7.1]
at io.camunda.zeebe.spring.client.configuration.CredentialsProviderConfiguration$$SpringCGLIB$$0.CGLIB$camundaClientCredentialsProvider$0() ~[spring-boot-starter-camunda-sdk-8.7.1.jar:8.7.1]
at io.camunda.zeebe.spring.client.configuration.CredentialsProviderConfiguration$$SpringCGLIB$$FastClass$$1.invoke() ~[spring-boot-starter-camunda-sdk-8.7.1.jar:8.7.1]

GotnOGuts · May 12, 2025, 7:59pm

I believe that this is just a warning, being very very clear that since you are using http:// rather than https:// the data cannot be promised to be kept secure while in transit (ie. someone else could obtain your username and password)

However, the underlying report “Expected valid client ID but none was provided” indicates that somewhere things are still expecting OAuth / Identity configuration.

Rabeb_Abid · May 13, 2025, 7:32am

thank you , but how to fix this warning
i dont want to use OAuth / Identity configuration.