The special character in the zeebe secrets causes token authorization failure
Closed this issue · 0 comments
ryanelee commented
This is informational for people who uses this library for OAuth authorizing from the self-managed Camunda Zeebe gateway.
When the Zeebe
client secret contains the +
character, the library will be failing on authorizing the token.
SDK Component
OAuth provider
Expected Behavior
The OAuth token should be generated properly
Current Behavior
The OAuth token generation is failed with 401 error returned.
Possible Solution
The issue is at https://github.com/camunda/camunda-8-js-sdk/blob/main/src/oauth/lib/OAuthProvider.ts#L282. If the +
character appears in field clientSecretToUse
, that'll cause an invalid body
parameter passed in the rest
library for the token request.
The Zeebe
client secret needs to be encoded by using something like: encodeURIComponent(zeebeSecret)
Steps to Reproduce
- Create a Zeebe application on Camunda identity for accessing Zeebe API, put
+
character in theClient Secret
field - Using OAuth offered by this library for authorization
- The OAuth authorization will be failed with 401 error