JS SDK authentication for c8run

When running Camunda locally using c8run, APIs such as the task list API should be accessed using cookie-based authentication (source: doc).

It’s not clear to me if the Camunda 8 javascript SDK actually supports cookie authentication; the documentation only mentions that the java client doesn’t.

I tried using the basic auth config via environment variables, to no avail:

export CAMUNDA_AUTH_STRATEGY='BASIC'
export CAMUNDA_BASIC_AUTH_USERNAME='demo'
export CAMUNDA_BASIC_AUTH_PASSWORD='demo'

How should I authenticate against my local Camunda when using the JS SDK?

It looks (from the documentation) that you can use basic authentication.

But it looks like there’s an improvement that could be made to the documentation based on how I’m reading it.

Could you try setting:

export CAMUNDA_OAUTH_DISABLED=true
export CAMUNDA_AUTH_STRATEGY='BASIC'
export CAMUNDA_BASIC_AUTH_USERNAME='demo'
export CAMUNDA_BASIC_AUTH_PASSWORD='demo'

Note: I haven’t (and can’t) tried this, so no promises that it will work.

Also, have a good look at the logging section, logs will likely give us all hints on what is actually going on.

Thank you for your answer. The JS SDK supports basic auth indeed, but my issue is on the Camunda side, not the client.

As far as I understand when running Camunda locally with Camunda 8 run the only supported form of authentication is cookie-based. I’m assuming this based on the fact that the documentation has a section on authentication for the Java client and only cookies are mentioned there.

If that is the case then I need to find a way to send that cookie as a header using the JS client; but it’s not clear that it offers a way to send custom headers.

Not yet. I’ve opened an issue for it, and will take a look at it this week: