Secure REST API no process-definitions available

Hi folks

I secured the rest api calls. I am able to generate the bearer token and to get an answer from the rest api engine → so the engine is alive :wink: .

But when I make a call afterwards to get the available process-definitions (http://localhost:8080/camunda/engine-rest/process-definition), I just get back an empty array → [] .

So, I thought it is maybe that my camunda_admin user do not have access to this process definitions, because in the cockpit, the process-definitions are visible. So, I did a rest call to get the authorizations (http://localhost:8080/camunda/engine-rest/authorization?userId=camunda_admin) which also results in an empty array → [].

Do you have any idea whats wrong. Please could you help me.

Thank you very much.

Kind regards
Roger

How did you secure the REST API?
It sounds similar to a problem I had when I added authentication by the Spring security filter chain. In short, authentication by the Spring security filter chain is not sufficient, you need to translate the authentication result to the engine. The long explanation is here: Authorization does not apply to REST API - #6 by mba