OAuthCredentialsProvider send 401 error for Camunda Self-Managed

mhais · November 17, 2023, 6:01pm

Hello Camunda!

Currently I am implementiong solution for Camunda Identity authorization following official doc for Java cleint. We use Camunda 8.2.7 Self-Managed in our AWS cluster.

Here is my code (yes, it is very simple but just for testing):

public static void testAuth() {
        final OAuthCredentialsProvider provider =
                new OAuthCredentialsProviderBuilder()
                        .clientId("zeebe")
                        .clientSecret("zecret")
                        .audience("zeebe.dev.cluster.com")
                        .build();

        final ZeebeClient client =
                new ZeebeClientBuilderImpl()
                        .gatewayAddress("zeebe.dev.cluster.com:443")
                        .credentialsProvider(provider)
                        .build();

        client.newTopologyRequest().send().join().toString();
    }

Zeebe client ID and Secrte I took from Identity and is was configured by default (Helm chart).

But when I run my code I get error Failed while requesting access token with status code 401 and message Unauthorized.

May you please help to figure out what I did wrong?

Praveen_Kumar · December 8, 2023, 1:05pm

Hi @mhais , Did this get resolved for you ? We followed the same steps as you have mentioned and we are facing the exact same issue.

mhais · December 12, 2023, 12:56pm

Hello @Praveen_Kumar !

No, I am still waiting for the input from Camunda team as I am out of ideas how to resolve this issue.

ShilpaN.Chalke · January 29, 2024, 3:46pm

mhais:

public static void testAuth() {
        final OAuthCredentialsProvider provider =
                new OAuthCredentialsProviderBuilder()
                        .clientId("zeebe")
                        .clientSecret("zecret")
                        .audience("zeebe.dev.cluster.com")
                        .build();

        final ZeebeClient client =
                new ZeebeClientBuilderImpl()
                        .gatewayAddress("zeebe.dev.cluster.com:443")
                        .credentialsProvider(provider)
                        .build();

        client.newTopologyRequest().send().join().toString();
    }

Do we have any solution for this

mhais · January 30, 2024, 11:50am

Hello @ShilpaN.Chalke !

No, I haven’t found any solutions yet.

StephanHaarmann · March 8, 2024, 1:01pm

Hello @mhais,

First I recommend creating a dedicated client for your application. Please create a new client in Identity following the docs:

Create a new application in identity (e.g., myClient)
For this application, go to the ‘Access to APIs’ tab and add write access for Zeebe

Use the client ID and the client secret of the newly created client to connect to your Zeebe instance.

Second, I notice that the OAuth API endpoint is not configured.

Finally, do not forget to close the client in the end.

After making these changes, your code may look something like this:

public static void testAuth() {
        final OAuthCredentialsProvider provider =
                new OAuthCredentialsProviderBuilder()
                        .authorizationServerUrl("http://keycloak.dev.cluster.com/auth/realms/camunda-platform/protocol/openid-connect/token")
                        .clientId("myClient")
                        .clientSecret("myClientsSecret")
                        .audience("zeebe.dev.cluster.com")
                        .build();

        final ZeebeClient client =
                new ZeebeClientBuilderImpl()
                        .gatewayAddress("zeebe.dev.cluster.com:443")
                        .credentialsProvider(provider)
                        .build();

        client.newTopologyRequest().send().join().toString();
        client.close()
}

I hope that these information help you to solve your issue.

Kind regards,

Stephan