Hello,
We have Camunda 8.6.7 integrated directly with Entra ID. There is no documentation on how to generate an access token for the /v1 Tasklist and Operate APIs. This doc assumes Keycloak is enabled. We don’t have Keycloak, and using cookies.txt does not seem right because Entra ID user login requires MFA.
I tried using Operate and Tasklist’s client_id / secret for the registered apps in Entra ID. Using Entra ID’s https://login.microsoftonline.com/'${tenantId}'/oauth2/v2.0/token, we can generate a JWT token; however, this
curl --request POST ${baseUrl}/operate/v1/process-instances/search \
--header "Authorization: Bearer ${accessToken}" \
--header 'Content-Type: application/json' \
--data-raw '{}'
fails with error:
{"message":"An error occurred while attempting to decode the Jwt: Signed JWT rejected: Invalid signature"}
We have confirmed the generated JWT signature is verified and valid. That error message is incorrect. But the bigger problem is I cannot make any API calls.
Any insight into how to do this?
Regards,
Atul
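
A way to inspect the header and claims of such a token, to compare them with what the resource server is configured to trust (an added example, not part of the original post and not Camunda code). The tenant id, key id, expected issuer and expected audience below are constructed placeholders; substitute the values your Operate/Tasklist deployment actually uses.

```python
import base64
import json


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_token(token, expected_iss, expected_aud):
    """List mismatches in the fields a validator reads; verifies no signature."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS: expected 3 dot-separated segments"]
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    findings = []
    if "nonce" in header:
        # Entra ID adds a header nonce to tokens minted for Microsoft Graph;
        # those are meant to be validated by Graph only.
        findings.append("header has 'nonce': token was issued for Microsoft Graph")
    if "kid" not in header:
        findings.append("header has no 'kid': validator cannot select a JWKS key")
    if claims.get("iss") != expected_iss:
        findings.append(f"iss mismatch: {claims.get('iss')!r} (ver={claims.get('ver')})")
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        findings.append(f"aud mismatch: {aud!r}")
    return findings


def make_segment(obj):
    """Encode a dict as an unpadded base64url JWT segment (sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token; every value here is a placeholder, not real data.
TENANT = "00000000-0000-0000-0000-000000000000"
EXPECTED_ISS = f"https://login.microsoftonline.com/{TENANT}/v2.0"  # assumed
EXPECTED_AUD = "operate-client-id-placeholder"                     # assumed
SAMPLE = ".".join([
    make_segment({"alg": "RS256", "kid": "constructed-kid", "nonce": "constructed"}),
    make_segment({"iss": f"https://sts.windows.net/{TENANT}/",
                  "aud": "https://graph.microsoft.com", "ver": "1.0"}),
    "c2ln",  # dummy signature bytes; never checked by this script
])

if __name__ == "__main__":
    for finding in inspect_token(SAMPLE, EXPECTED_ISS, EXPECTED_AUD):
        print(finding)
```
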