Tasklist V1 API in c8run

Camunda 8 Topics
1

I’m testing functionality for a hybrid setup where there are both JobWorker based user tasks and Camunda user tasks in Camunda 8.8.8, running in c8run. It’s not clear to me how to use the V1 API for Tasklist, which is needed to retrieve user tasks that are JobWorker based.

I changed the default configuration by setting the environment var CAMUNDA_TASKLIST_V2_MODE_ENABLED to false (in the .env file) and updating the configuration file at configuration/appliation.yaml by adding the following. For some reason, just changing one didn’t seem to reach the full effect.

camunda:
tasklist:
V2ModeEnabled: false

This enabled V1 mode for tasklist and should have enabled the V1 API also, according to the documentation. The V2 API works as documented with curl, by first retrieving a cookie, then passing it with subsequent requests. The V1 API is a bit more tricky and the documentation is not conclusive.

I figured out I could get a cookie for the V1 API using a request like this:

curl -X POST '``http://localhost:8888/login``' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'username=demo&password=demo' \
-c cookie.txt

I derived this from the way Tasklist portal submits the data, because the documented endpoint /api/login (which used to be used for this with < 8.8), returns a 404, as does /login, as does /tasklist/api/login, some of which are mentioned by the docs.

With the cookie retrieved, I attempted other requests to the V1 API, only to bump against the csrf prevention. I attempted disabling those for this testing setup in a similar way as before, by setting CAMUNDA_TASKLIST_CSRF_PREVENTION_ENABLED to false in the .env file and doing the same in the application.yaml, but this continues to be an issue with any request beuse the csrf prevention keeps rejecting requests.

Which combination of configuration and request flow should I follow to enable the V1 Tasklist mode and retrieve both JobWorker based user tasks and Camunda user tasks (via different APIs) in c8run?

2

I’m a little confused…
I thought that JobWorker user tasks were called that because they were actually a Service Task that would be handled by an outside application to be presented to a user. So, you should still be able to use V2 APIs to collect them, since they’re just service tasks at the end of the day.

But… User Tasks (compared to Camunda User Tasks) would need V1 Tasklist APIs to see them. I’m not sure how User Tasks show up in V2 APIs.

3

Thanks @GotnOGuts , you’re right about JobWorker user tasks being implemented similar to a service task. Since these user tasks are deprecated and will no longer be supported at some point in the future, the new V2 API is geared towards their successor, Camunda User Tasks. You can’t retrieve the JobWorker user tasks with the V2 API and by default, they don’t even show up in Tasklist. That’s why I had to enable the V1 mode of Tasklist. The question centers around authenticating against the V1 API and once authenticated, how to perform search requests.

4

Camunda User Tasks are (as far as I understood) still implemented a bit like Service Tasks.

My point was that JobWorker tasks should still be available (via V2 APIs) to display in your custom tasklist since they are just Service Tasks.

Maybe I’m missing your point, but it feels like you might be muddying a few things together, which might be leading to some of the issues.

5

From what I can see in the docs here: Tasklist API versions | Camunda 8 Docs , JobWorker based user tasks are not available in the V2 APIs and I can confirm they don’t show up in the V2 API results.They exist, but must be retrieved with the V1 API. That’s why my question is about authorising against the V1 API in Tasklist, in order to retrieve them.

1 Like