chio chuan ooi created CAMEL-23974:
--------------------------------------
Summary: camel-zeebe: OAuth clientId/clientSecret/oAuthAPI
configured on ZeebeComponent are never passed to ZeebeService, so no
authentication occurs
Key: CAMEL-23974
URL: https://issues.apache.org/jira/browse/CAMEL-23974
Project: Camel
Issue Type: Bug
Affects Versions: 4.18.3
Reporter: chio chuan ooi
camel-zeebe's OAuth configuration (clientId, clientSecret, oAuthAPI) is
silently ignored. These properties are correctly exposed and bound on
ZeebeComponent (e.g. via camel.component.zeebe.client-id,
camel.component.zeebe.client-secret, camel.component.zeebe.o-auth-a-p-i in
Spring Boot), but they are never propagated to the internal ZeebeService, which
is the class that actually builds the ZeebeClient used for startProcess and
job-worker registration.
As a result, no OAuth token request is ever made and no bearer token is ever
attached to gRPC calls, regardless of configuration — the client always falls
back to usePlaintext()/no-credentials, with no error or warning surfaced to the
user. This is a silent failure: a user can configure full OAuth credentials,
deploy to production, and never know authentication isn't happening.
issue:
{{ZeebeComponent.doStart()}} constructs {{ZeebeService}} using only:
{code:java}
zeebeService = new ZeebeService(gatewayHost, gatewayPort);
//but clientId is a private field on ZeebeService that is never assigned, so it
is always null at runtime and this branch is unreachable in practice.
if (clientId != null) {
// builds OAuthCredentialsProvider and passes to ZeebeClient
} else {
// usePlaintext(), no credentials
}
{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)