First I want that someone explain to me the relation between assignments of user tasks , tasklist , identity and keycloak. Which kind of dependencies between them . And if I can assign task to a user that he is not created on camunda side ?
I have just started winhom camunda and I want to understand , when we assign a userTask to a user , that user should be created on camunda side or not ?
When I design a process without assign the user tasks . Can I claim the user task to any user ?
Please it is very urgent because I need to understand if it is mandatory to add identity and keycloak components or we can avoid them .
Hi @Ritaa,
I strongly recommend to include Identity and Keycloak in your Camunda 8 deployment. Some features, such as resource-based authorization are only available via Identity.
In a full setup, Identity (and Keycloak) is used to authenticate and authorize users and clients. This means, only users available in Identity can access the Tasklist and claim tasks.
If you leave the asignee and candidate group/users empty, any user can claim the task.
Note, the Tasklist API does not enforce that the assignee is acutally available in the system. In other words: when using the API you can assign any user.
Thanks for your answer . Regarding your comment « the Tasklist API does not enforce that the assignee is acutally available in the system. In other words: when using the API you can assign any user.« You mean that i can assign the user task to user that IT doesn’t exist on Identity ?
Also I have a second question about the access to diffèrent components and apis . For example I have a micro service that will call the rest api of camunda what I should do to make that api accessible by my microservice?
You mean that i can assign the user task to user that IT doesn’t exist on Identity ?
Correct - but only via API not via the Frontend.
Also I have a second question about the access to diffèrent components and apis . For example I have a micro service that will call the rest api of camunda what I should do to make that api accessible by my microservice?
I will present you all my doubts hoping that you could help me
1- so on my micro- service I can use the camunda apis by authenticating the call by using the credentials of the application added on the identity. So for example to assign the task to any user we call the rest api by sending on the authentication the application token . Not the user token as it doesn’t exist on identity.
And then when I call the rest api of update variables or complete task . I will do the same. It means on camunda side there are no check if that task is completed by the same user or not
2- what is the best client we could use , so you think it is better to use grpc or the rest apis . and if you can detail the use case of each one of them .
1 - If you claim and complete tasks via the API, Camunda does not check the user information. Your general understanding of the steps is correct.
2 - Currently, zeebe can only be accessed via gRPC, Tasklist can be accessed via REST. The latency of the REST API will be higher, but it’s more convenient to use.
When using the gRPC API, you’d need to create a JobWorker for user tasks, lock the user task for a long period and complete it via another gRPC call. It communicates directly with zeebe and does not rely on Tasklist. There is a simple example on github.
Zeebe will export data to elasticsearch and Tasklist will import this data. Hence, it’s latency is higher. Note, Tasklist API may only be used in production by enterprise customers.
And what about the process variables . Is there any way to create a common model of variables that we can share between the micro-services and the process modélisation. To simply the matching of the micro service data and the process instances variable ?
