Hi,
I have Zeebe Gateway readdy in K8s and setup port forwarding from 26500 port to 26501, then I have a Keycloak with identity Client “zeebe-api” with secret (the client was created automatically by charts).
I can succesffully retrieve acces-token using Postman:
But when I am trying to connect through grpc using either grpcCurl or deploy diagram from DesktopModelere, I am getting an error that Token cannot be parsed.
Here is the settings in DesktopModeler:
Here is the output from verbose debug mode:
D 2024-08-16T19:04:20.824Z | v1.9.7 21084 | retrying_call | [93] Received status from child [94]
D 2024-08-16T19:04:20.824Z | v1.9.7 21084 | retrying_call | [93] state=TRANSPARENT_ONLY handling status with progress PROCESSED from child [94] in state ACTIVE
D 2024-08-16T19:04:20.824Z | v1.9.7 21084 | retrying_call | [93] ended with status: code=16 details="Failed to parse bearer token, see cause for details"
D 2024-08-16T19:04:20.824Z | v1.9.7 21084 | resolving_call | [92] Received status
D 2024-08-16T19:04:20.824Z | v1.9.7 21084 | resolving_call | [92] ended with status: code=16 details="Failed to parse bearer token, see cause for details"
2024-08-16T19:04:20.824Z grpc topologySync error: 16
21:04:20.825 | zeebe | INFO: Set Grpc channel ready timer for 3000ms
ERROR app:zeebe-api connection check failed {
parameters: {
endpoint: {
type: 'selfHosted',
authType: 'oauth',
url: 'http://localhost:26501',
oauthURL: 'http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/token',
audience: 'zeebe-api',
scope: 'openid',
clientId: '******',
clientSecret: '******'
}
}
} Error: 16 UNAUTHENTICATED: Failed to parse bearer token, see cause for details
at callErrorFromStatus (C:\Users\mrazv\Downloads\camunda-modeler-5.23.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\call.js:31:19)
at Object.onReceiveStatus (C:\Users\mrazv\Downloads\camunda-modeler-5.23.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\client.js:192:76)
at C:\Users\mrazv\Downloads\camunda-modeler-5.23.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\call-interface.js:78:35
at Object.onReceiveStatus (C:\Users\mrazv\Downloads\camunda-modeler-5.23.0-win-x64\resources\app.asar\node_modules\zeebe-node\dist\lib\GrpcClient.js:97:36)
at InterceptingListenerImpl.onReceiveStatus (C:\Users\mrazv\Downloads\camunda-modeler-5.23.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\call-interface.js:73:23)
at Object.onReceiveStatus (C:\Users\mrazv\Downloads\camunda-modeler-5.23.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\client-interceptors.js:360:141)
at Object.onReceiveStatus (C:\Users\mrazv\Downloads\camunda-modeler-5.23.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\client-interceptors.js:323:181)
at C:\Users\mrazv\Downloads\camunda-modeler-5.23.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\resolving-call.js:99:78
at process.processTicksAndRejections (node:internal/process/task_queues:77:11)
for call at
at ServiceClientImpl.makeUnaryRequest (C:\Users\mrazv\Downloads\camunda-modeler-5.23.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\client.js:160:32)
at ServiceClientImpl.<anonymous> (C:\Users\mrazv\Downloads\camunda-modeler-5.23.0-win-x64\resources\app.asar\node_modules\@grpc\grpc-js\build\src\make-client.js:105:19)
at C:\Users\mrazv\Downloads\camunda-modeler-5.23.0-win-x64\resources\app.asar\node_modules\zeebe-node\dist\lib\GrpcClient.js:272:47
at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
code: 16,
details: 'Failed to parse bearer token, see cause for details',
metadata: Metadata {
internalRepr: Map(1) { 'content-type' => [Array] },
options: {}
}
}
D 2024-08-16T19:04:20.826Z | v1.9.7 21084 | subchannel_call | [95] HTTP/2 stream closed with code 8
D 2024-08-16T19:04:21.746Z | v1.9.7 21084 | transport | (148) ::1:26501 session closed
Here is the automaticcaly created KeyCloak clients:
Disclaimer: Before posting this, I tested that zeebe-gateway is up and running, port-forwarding is correct, I can reach out to all of the other components. I also tested that it is working without KeyCloak only with Basic auth when identity is disabled in the charts. Also, the token is new, refreshed, it did not expired. I also ran the DesktopModeler in DEBUG mode to have more verbose info about it, but in the console I can see the same output as in the grpcurl.
Any help would be highly appreciated. Last note is, that I am using the default helm charts installations.
Thank you very much