4.0.0rc6 and rc7 generate connection errors

[barthansen]

When upgrading to any the 2 above mentioned rc versions I cannot connect to Zeebe anymore Zeebe is v 8.5.8

Python code example:

import asyncio

from pyzeebe import (
    Job,
    ZeebeWorker,
    create_camunda_cloud_channel
)
from pyzeebe.errors import BusinessError

grpc_channel = create_camunda_cloud_channel(
    client_id="xxx",
    client_secret="xxx",
    cluster_id="xxx",
    region="bru-2")
worker = ZeebeWorker(grpc_channel)

@worker.task(task_type="my_task")
async def my_task(x: int):
    return {"y": x + 1}

loop = asyncio.get_event_loop()
loop.run_until_complete(worker.work())

Above code works using rc5, higher versions break it

Output:

/Users/barth/SynologyDrive/Glpg/projects/bitbucket/ip-poc-camunda/venv2/lib/python3.9/site-packages/urllib3/init.py:35: NotOpenSSLWarning: urllib3 v2 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with 'LibreSSL 2.8.3'. See: https://github.com/urllib3/urllib3/issues/3020 warnings.warn( Traceback (most recent call last): File "/Users/barth/SynologyDrive/Glpg/projects/bitbucket/ip-poc-camunda/venv2/lib/python3.9/site-packages/pyzeebe/channel/camunda_cloud_channel.py", line 77, in _get_access_token response.raise_for_status() File "/Users/barth/SynologyDrive/Glpg/projects/bitbucket/ip-poc-camunda/venv2/lib/python3.9/site-packages/requests/models.py", line 1024, in raise_for_status raise HTTPError(http_error_msg, response=self) requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://login.cloud.camunda.io/oauth/token

The above exception was the direct cause of the following exception:

Traceback (most recent call last): File "/Users/barth/SynologyDrive/Glpg/projects/bitbucket/ip-poc-camunda/venv2/lib/python3.9/site-packages/pyzeebe/channel/camunda_cloud_channel.py", line 53, in _create_camunda_cloud_credentials access_token = _get_access_token( File "/Users/barth/SynologyDrive/Glpg/projects/bitbucket/ip-poc-camunda/venv2/lib/python3.9/site-packages/pyzeebe/channel/camunda_cloud_channel.py", line 82, in _get_access_token raise InvalidOAuthCredentialsError(url=url, client_id=client_id, audience=audience) from http_error pyzeebe.errors.credentials_errors.InvalidOAuthCredentialsError: Invalid OAuth credentials supplied for https://login.cloud.camunda.io/oauth/token with audience 80f547d0-fa26-4b24-a5cf-789e5247cc80.bru-2.zeebe.camunda.io and client id jJSACx2J4lo0cdAEHoPjm0FVNlz1H6mP

The above exception was the direct cause of the following exception:

Traceback (most recent call last): File "/Users/barth/SynologyDrive/Glpg/projects/bitbucket/ip-poc-camunda/python_src/solution_design_poc/connect_worker.py", line 13, in grpc_channel = create_camunda_cloud_channel( File "/Users/barth/SynologyDrive/Glpg/projects/bitbucket/ip-poc-camunda/venv2/lib/python3.9/site-packages/pyzeebe/channel/camunda_cloud_channel.py", line 40, in create_camunda_cloud_channel channel_credentials = _create_camunda_cloud_credentials(client_id, client_secret, cluster_id, region) File "/Users/barth/SynologyDrive/Glpg/projects/bitbucket/ip-poc-camunda/venv2/lib/python3.9/site-packages/pyzeebe/channel/camunda_cloud_channel.py", line 61, in _create_camunda_cloud_credentials raise InvalidCamundaCloudCredentialsError(client_id, cluster_id) from oauth_error pyzeebe.errors.credentials_errors.InvalidCamundaCloudCredentialsError: Invalid credentials supplied for cluster 80f547d0-fa26-4b24-a5cf-789e5247cc80 with client jJSACx2J4lo0cdAEHoPjm0FVNlz1H6mP

Process finished with exit code 1

[felicijus]

@barthansen Did you override the default audience?

pyzeebe.errors.credentials_errors.InvalidOAuthCredentialsError: Invalid OAuth credentials supplied for https://login.cloud.camunda.io/oauth/token with audience 80f547d0-fa26-4b24-a5cf-789e5247cc80.bru-2.zeebe.camunda.io and client id jJSACx2J4lo0cdAEHoPjm0FVNlz1H6mP

audience 80f547d0-fa26-4b24-a5cf-789e5247cc80.bru-2.zeebe.camunda.io should be zeebe.camunda.io

[barthansen]

@barthansen Did you override the default audience?

pyzeebe.errors.credentials_errors.InvalidOAuthCredentialsError: Invalid OAuth credentials supplied for https://login.cloud.camunda.io/oauth/token with audience 80f547d0-fa26-4b24-a5cf-789e5247cc80.bru-2.zeebe.camunda.io and client id jJSACx2J4lo0cdAEHoPjm0FVNlz1H6mP

audience 80f547d0-fa26-4b24-a5cf-789e5247cc80.bru-2.zeebe.camunda.io should be zeebe.camunda.io

@felicijus I am a newbie Zeebe developer - what I did:

• create a demo Camunda/zeebe account on SAAS
• generated API credentials - including zeebe scope
• ran the above code snippet - copied the API credentials created -> then could see this was working well with RC5 and not the newer 6 and 7

[felicijus]

@barthansen That is strange because the new way of creating the Camunda Cloud (SaaS) was introduced in v4.0.0rc7 Can you provide your code as a codeblock ? (Just update the Issue)

@dimastbk Can you reproduce this error ?

[barthansen]

@barthansen That is strange because the new way of creating the Camunda Cloud (SaaS) was introduced in v4.0.0rc7 Can you provide your code as a codeblock ? (Just update the Issue)

@dimastbk Can you reproduce this error ?

@felicijus Done

[felicijus]

@barthansen Can you try to create the Channel like this ?

grpc_channel: grpc.aio.Channel = create_camunda_cloud_channel(
    client_id=ZEEBE_CLIENT_ID,
    client_secret=ZEEBE_CLIENT_SECRET,
    cluster_id=CAMUNDA_CLUSTER_ID,
    region=CAMUNDA_CLUSTER_REGION,
    scope=None, # or cluster_id
)

Camunda Docs

@dimastbk Scope None is because I made a mistake when implementing setting scope to "Zeebe" when it should be None or cluster_id, I will provide a fix for this soon.

[felicijus]

@barthansen Found the Issue now.

Please import the new function

from pyzeebe.channel.oauth_channel import (
    create_camunda_cloud_channel,
)

This is the explicit way, normally it should have replaced the pyzeebe.create_camunda_cloud_channel function with the new one. Maybe also clean up your virtual environment.