Closed ryanelee closed 1 month ago
This is informational for people who uses this library for OAuth authorizing from the self-managed Camunda Zeebe gateway.
When the Zeebe client secret contains the + character, the library will be failing on authorizing the token.
Zeebe
+
OAuth provider
The OAuth token should be generated properly
The OAuth token generation is failed with 401 error returned.
The issue is at https://github.com/camunda/camunda-8-js-sdk/blob/main/src/oauth/lib/OAuthProvider.ts#L282. If the + character appears in field clientSecretToUse, that'll cause an invalid body parameter passed in the rest library for the token request.
clientSecretToUse
body
rest
The Zeebe client secret needs to be encoded by using something like: encodeURIComponent(zeebeSecret)
encodeURIComponent(zeebeSecret)
Client Secret
This is informational for people who uses this library for OAuth authorizing from the self-managed Camunda Zeebe gateway.
When the
Zeebe
client secret contains the+
character, the library will be failing on authorizing the token.SDK Component
OAuth provider
Expected Behavior
The OAuth token should be generated properly
Current Behavior
The OAuth token generation is failed with 401 error returned.
Possible Solution
The issue is at https://github.com/camunda/camunda-8-js-sdk/blob/main/src/oauth/lib/OAuthProvider.ts#L282. If the
+
character appears in fieldclientSecretToUse
, that'll cause an invalidbody
parameter passed in therest
library for the token request.The
Zeebe
client secret needs to be encoded by using something like:encodeURIComponent(zeebeSecret)
Steps to Reproduce
+
character in theClient Secret
fieldContext (Environment)