camunda/camunda-8-js-sdk

The special character in the zeebe secrets causes token authorization failure

Closed this issue · 0 comments

This is informational for people who use this library for OAuth authorization from the self-managed Camunda Zeebe gateway.

When the Zeebe client secret contains the + character, the library fails to authorize the token.

SDK Component

OAuth provider

Expected Behavior

The OAuth token should be generated properly

Current Behavior

The OAuth token generation fails with a 401 error returned.

Possible Solution

The issue is at https://github.com/camunda/camunda-8-js-sdk/blob/main/src/oauth/lib/OAuthProvider.ts#L282. If the + character appears in the field clientSecretToUse, that'll cause an invalid body parameter to be passed in the rest library for the token request.

The Zeebe client secret needs to be encoded by using something like: encodeURIComponent(zeebeSecret)

Steps to Reproduce

  1. Create a Zeebe application on Camunda Identity for accessing the Zeebe API, and put a + character in the Client Secret field
  2. Use the OAuth offered by this library for authorization
  3. The OAuth authorization fails with a 401 error

Context (Environment)
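
The failure described in this issue, as an added example that is not part of the original report and is not the SDK's code: a form-encoded token request body built by plain interpolation, decoded the way an `application/x-www-form-urlencoded` endpoint decodes it, next to two correctly encoded variants. The body layout, function names and secret values are constructed assumptions; the example also covers `&` and `=`, which the issue does not mention but which break the body for the same reason.

```javascript
// Constructed sample credentials, not real values.
const clientId = 'zeebe';
const clientSecret = 'p+ss&w=rd';

// Assumed shape of the failing request: values interpolated without encoding.
function buildBodyRaw(id, secret) {
  return `client_id=${id}&client_secret=${secret}&grant_type=client_credentials`;
}

// The fix suggested in the issue: percent-encode each value.
function buildBodyEncoded(id, secret) {
  return `client_id=${encodeURIComponent(id)}` +
         `&client_secret=${encodeURIComponent(secret)}` +
         `&grant_type=client_credentials`;
}

// Alternative: let URLSearchParams do the form encoding for every field.
function buildBodyParams(id, secret) {
  return new URLSearchParams({
    client_id: id,
    client_secret: secret,
    grant_type: 'client_credentials',
  }).toString();
}

// What a form-decoding token endpoint recovers as the secret.
// In form decoding a literal '+' means a space, and '&' ends the value.
function secretSeenByServer(body) {
  return new URLSearchParams(body).get('client_secret');
}

for (const [name, build] of Object.entries({
  raw: buildBodyRaw,
  encoded: buildBodyEncoded,
  params: buildBodyParams,
})) {
  const seen = secretSeenByServer(build(clientId, clientSecret));
  // Print only whether the secret survived, never the secret itself.
  console.log(`${name}: secret intact = ${seen === clientSecret}`);
}
```

Because the server compares a different string from the one configured in Identity, the raw variant is rejected with 401 even though the configured secret is correct.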