Integrated Camunda with Okta, external task throwing error with 403

Integrated Camunda with Okta using Spring Security and Okta in Spring Boot. Secured all the REST APIs. My BPMN is deployed from Modeler with a bearer token. The BPMN has an external task which is in Node.js. After subscription, polling started with a 403 error for the engine-rest/externaltask/fetchandlock endpoint. Any suggestions, please?

Hi @keshavireddy_99,

I have no idea about Okta internals, but the external task client for JavaScript has a KeycloakAuthInterceptor: camunda-external-task-client-js/KeycloakAuthInterceptor.md at master · camunda/camunda-external-task-client-js · GitHub

Maybe you can use this directly for Okta, maybe it requires some adaptation.

Hope this helps, Ingo

Hey Ingo,
Thanks for the solution, but the issue is that the token generated in KeycloakAuthInterceptor uses the client credentials flow, which doesn't contain a userId in the bearer token. So token validation is failing on the Spring Security side with a null userId. Any suggestions on getting the bearerToken into externalTasks (Node.js) from the webApplication?
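
One way to confirm the situation described in the last post, as an added example that is not part of the original thread: decode the bearer token the Node.js worker is about to send and check whether it carries any user claim. The claim names in `USER_CLAIMS`, the helper names and the sample tokens are assumptions constructed for illustration; match the claim list to whatever the Spring Security side actually reads.

```javascript
// Added example: inspect the claims of a bearer token before the external
// task client sends it. Decoding only; the signature is NOT verified here.

// Assumption: claim names a resource server might use to derive a user id.
const USER_CLAIMS = ["uid", "preferred_username", "email"];

function decodeJwtPayload(token) {
  // Accept either the raw token or a full "Bearer <token>" header value.
  const parts = String(token).replace(/^Bearer\s+/i, "").split(".");
  if (parts.length !== 3) {
    throw new Error("not a compact JWT (expected 3 dot-separated parts)");
  }
  const json = Buffer.from(parts[1], "base64url").toString("utf8");
  return JSON.parse(json);
}

function describeToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  const userClaim = USER_CLAIMS.find(
    (c) => typeof claims[c] === "string" && claims[c] !== ""
  );
  return {
    subject: claims.sub ?? null,
    userClaim: userClaim ?? null,
    userId: userClaim ? claims[userClaim] : null,
    expired: typeof claims.exp === "number" ? claims.exp <= nowSeconds : null,
    // No user claim: the case reported above for the client credentials flow.
    machineToken: !userClaim,
  };
}

// Constructed sample tokens (unsigned, placeholder signature segment).
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.c2lnbmF0dXJl`;
}

const clientCredentialsToken = makeSampleToken({
  sub: "example-client-id", cid: "example-client-id", exp: 2000000000,
});
const userToken = makeSampleToken({
  sub: "demo.user@example.com", uid: "example-user-id", exp: 2000000000,
});

console.log(describeToken(clientCredentialsToken, 1700000000));
console.log(describeToken(userToken, 1700000000));
```

If `machineToken` is true for the worker's token, the 403 comes from the authorization mapping on the server side rather than from a missing or expired token.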