Class OAuthProvider

The OAuthProvider class is an implementation of the IHeadersProvider interface that uses the OAuth 2.0 client credentials grant to authenticate with the Camunda Platform 8 Identity service. It handles token expiration and renewal, and caches tokens in memory and on disk.

It is used by the SDK to authenticate with the Camunda Platform 8. You will rarely need to use this class directly, as it is used internally by the SDK.

Example

const authProvider = new OAuthProvider({
  config: {
    CAMUNDA_OAUTH_URL: 'https://login.cloud.camunda.io/oauth/token',
    ZEEBE_CLIENT_ID: 'your-client-id',
    ZEEBE_CLIENT_SECRET: 'your-client-secret',
  },
})

const token = await authProvider.getToken('ZEEBE')

Implements

IHeadersProvider

Index

Constructors

constructor

new OAuthProvider(
    options?: {
        config?: DeepPartial<
            {
                CAMUNDA_AUTH_STRATEGY: | "BASIC"
                | "OAUTH"
                | "BEARER"
                | "COOKIE"
                | "NONE";
                CAMUNDA_BASIC_AUTH_PASSWORD: undefined
                | string;
                CAMUNDA_BASIC_AUTH_USERNAME: undefined | string;
                CAMUNDA_CONSOLE_BASE_URL: undefined | string;
                CAMUNDA_CONSOLE_CLIENT_ID: undefined | string;
                CAMUNDA_CONSOLE_CLIENT_SECRET: undefined | string;
                CAMUNDA_CONSOLE_OAUTH_AUDIENCE: string;
                CAMUNDA_COOKIE_AUTH_PASSWORD: string;
                CAMUNDA_COOKIE_AUTH_URL: string;
                CAMUNDA_COOKIE_AUTH_USERNAME: string;
                CAMUNDA_CUSTOM_CERT_CHAIN_PATH: undefined | string;
                CAMUNDA_CUSTOM_PRIVATE_KEY_PATH: undefined | string;
                CAMUNDA_CUSTOM_ROOT_CERT_PATH: undefined | string;
                CAMUNDA_CUSTOM_ROOT_CERT_STRING: undefined | string;
                CAMUNDA_CUSTOM_USER_AGENT_STRING: undefined | string;
                CAMUNDA_JOB_WORKER_MAX_BACKOFF_MS: number;
                CAMUNDA_LOG_LEVEL:
                    | "none"
                    | "error"
                    | "http"
                    | "warn"
                    | "info"
                    | "verbose"
                    | "debug"
                    | "silly";
                CAMUNDA_MODELER_BASE_URL: string;
                CAMUNDA_MODELER_OAUTH_AUDIENCE: undefined
                | string;
                CAMUNDA_OAUTH_DISABLED: boolean;
                CAMUNDA_OAUTH_TOKEN: undefined | string;
                CAMUNDA_OAUTH_TOKEN_REFRESH_THRESHOLD_MS: number;
                CAMUNDA_OAUTH_URL: undefined | string;
                CAMUNDA_OPERATE_BASE_URL: undefined | string;
                CAMUNDA_OPERATE_OAUTH_AUDIENCE: string;
                CAMUNDA_OPTIMIZE_BASE_URL: undefined | string;
                CAMUNDA_OPTIMIZE_OAUTH_AUDIENCE: string;
                CAMUNDA_SECURE_CONNECTION: undefined | boolean;
                CAMUNDA_SUPPORT_LOG_ENABLED: boolean;
                CAMUNDA_SUPPORT_LOG_FILE_PATH: undefined | string;
                CAMUNDA_TASKLIST_BASE_URL: undefined | string;
                CAMUNDA_TASKLIST_OAUTH_AUDIENCE: string;
                CAMUNDA_TENANT_ID: undefined | string;
                CAMUNDA_TOKEN_CACHE_DIR: undefined | string;
                CAMUNDA_TOKEN_DISK_CACHE_DISABLE: boolean;
                CAMUNDA_TOKEN_SCOPE: undefined | string;
                CAMUNDA_ZEEBE_OAUTH_AUDIENCE: undefined | string;
                ZEEBE_ADDRESS: undefined | string;
                ZEEBE_CLIENT_ID: undefined | string;
                ZEEBE_CLIENT_SECRET: undefined | string;
                ZEEBE_GRPC_ADDRESS: string;
                ZEEBE_REST_ADDRESS: string;
                ZEEBE_TOKEN_AUDIENCE: string;
                zeebeGrpcSettings: {
                    GRPC_HTTP2_MAX_PINGS_WITHOUT_DATA: number;
                    GRPC_HTTP2_MIN_PING_INTERVAL_WITHOUT_DATA_MS: number;
                    GRPC_HTTP2_MIN_TIME_BETWEEN_PINGS_MS: number;
                    GRPC_INITIAL_RECONNECT_BACKOFF_MS: string | 1000;
                    GRPC_KEEPALIVE_PERMIT_WITHOUT_CALLS: number;
                    GRPC_KEEPALIVE_TIME_MS: number;
                    GRPC_KEEPALIVE_TIMEOUT_MS: number;
                    GRPC_MAX_RECONNECT_BACKOFF_MS: string | 10000;
                    GRPC_MIN_RECONNECT_BACKOFF_MS: string | 5000;
                    ZEEBE_CLIENT_LOG_LEVEL: "NONE" | "DEBUG" | "INFO";
                    ZEEBE_CLIENT_LOG_TYPE: "JSON" | "SIMPLE";
                    ZEEBE_GRPC_CLIENT_CONNECTION_TOLERANCE_MS: number;
                    ZEEBE_GRPC_CLIENT_EAGER_CONNECT: boolean;
                    ZEEBE_GRPC_CLIENT_INITIAL_CONNECTION_TOLERANCE_MS: undefined | number;
                    ZEEBE_GRPC_CLIENT_MAX_RETRIES: number;
                    ZEEBE_GRPC_CLIENT_MAX_RETRY_TIMEOUT_SECONDS: number;
                    ZEEBE_GRPC_CLIENT_RETRY: boolean;
                    ZEEBE_GRPC_WORKER_LONGPOLL_SECONDS: number;
                    ZEEBE_GRPC_WORKER_POLL_INTERVAL_MS: number;
                    ZEEBE_INSECURE_CONNECTION: undefined | boolean;
                };
            },
        >;
    },
): OAuthProvider
Parameters
- Optionaloptions: {
      config?: DeepPartial<
          {
              CAMUNDA_AUTH_STRATEGY: | "BASIC"
              | "OAUTH"
              | "BEARER"
              | "COOKIE"
              | "NONE";
              CAMUNDA_BASIC_AUTH_PASSWORD: undefined
              | string;
              CAMUNDA_BASIC_AUTH_USERNAME: undefined | string;
              CAMUNDA_CONSOLE_BASE_URL: undefined | string;
              CAMUNDA_CONSOLE_CLIENT_ID: undefined | string;
              CAMUNDA_CONSOLE_CLIENT_SECRET: undefined | string;
              CAMUNDA_CONSOLE_OAUTH_AUDIENCE: string;
              CAMUNDA_COOKIE_AUTH_PASSWORD: string;
              CAMUNDA_COOKIE_AUTH_URL: string;
              CAMUNDA_COOKIE_AUTH_USERNAME: string;
              CAMUNDA_CUSTOM_CERT_CHAIN_PATH: undefined | string;
              CAMUNDA_CUSTOM_PRIVATE_KEY_PATH: undefined | string;
              CAMUNDA_CUSTOM_ROOT_CERT_PATH: undefined | string;
              CAMUNDA_CUSTOM_ROOT_CERT_STRING: undefined | string;
              CAMUNDA_CUSTOM_USER_AGENT_STRING: undefined | string;
              CAMUNDA_JOB_WORKER_MAX_BACKOFF_MS: number;
              CAMUNDA_LOG_LEVEL:
                  | "none"
                  | "error"
                  | "http"
                  | "warn"
                  | "info"
                  | "verbose"
                  | "debug"
                  | "silly";
              CAMUNDA_MODELER_BASE_URL: string;
              CAMUNDA_MODELER_OAUTH_AUDIENCE: undefined
              | string;
              CAMUNDA_OAUTH_DISABLED: boolean;
              CAMUNDA_OAUTH_TOKEN: undefined | string;
              CAMUNDA_OAUTH_TOKEN_REFRESH_THRESHOLD_MS: number;
              CAMUNDA_OAUTH_URL: undefined | string;
              CAMUNDA_OPERATE_BASE_URL: undefined | string;
              CAMUNDA_OPERATE_OAUTH_AUDIENCE: string;
              CAMUNDA_OPTIMIZE_BASE_URL: undefined | string;
              CAMUNDA_OPTIMIZE_OAUTH_AUDIENCE: string;
              CAMUNDA_SECURE_CONNECTION: undefined | boolean;
              CAMUNDA_SUPPORT_LOG_ENABLED: boolean;
              CAMUNDA_SUPPORT_LOG_FILE_PATH: undefined | string;
              CAMUNDA_TASKLIST_BASE_URL: undefined | string;
              CAMUNDA_TASKLIST_OAUTH_AUDIENCE: string;
              CAMUNDA_TENANT_ID: undefined | string;
              CAMUNDA_TOKEN_CACHE_DIR: undefined | string;
              CAMUNDA_TOKEN_DISK_CACHE_DISABLE: boolean;
              CAMUNDA_TOKEN_SCOPE: undefined | string;
              CAMUNDA_ZEEBE_OAUTH_AUDIENCE: undefined | string;
              ZEEBE_ADDRESS: undefined | string;
              ZEEBE_CLIENT_ID: undefined | string;
              ZEEBE_CLIENT_SECRET: undefined | string;
              ZEEBE_GRPC_ADDRESS: string;
              ZEEBE_REST_ADDRESS: string;
              ZEEBE_TOKEN_AUDIENCE: string;
              zeebeGrpcSettings: {
                  GRPC_HTTP2_MAX_PINGS_WITHOUT_DATA: number;
                  GRPC_HTTP2_MIN_PING_INTERVAL_WITHOUT_DATA_MS: number;
                  GRPC_HTTP2_MIN_TIME_BETWEEN_PINGS_MS: number;
                  GRPC_INITIAL_RECONNECT_BACKOFF_MS: string | 1000;
                  GRPC_KEEPALIVE_PERMIT_WITHOUT_CALLS: number;
                  GRPC_KEEPALIVE_TIME_MS: number;
                  GRPC_KEEPALIVE_TIMEOUT_MS: number;
                  GRPC_MAX_RECONNECT_BACKOFF_MS: string | 10000;
                  GRPC_MIN_RECONNECT_BACKOFF_MS: string | 5000;
                  ZEEBE_CLIENT_LOG_LEVEL: "NONE" | "DEBUG" | "INFO";
                  ZEEBE_CLIENT_LOG_TYPE: "JSON" | "SIMPLE";
                  ZEEBE_GRPC_CLIENT_CONNECTION_TOLERANCE_MS: number;
                  ZEEBE_GRPC_CLIENT_EAGER_CONNECT: boolean;
                  ZEEBE_GRPC_CLIENT_INITIAL_CONNECTION_TOLERANCE_MS: undefined | number;
                  ZEEBE_GRPC_CLIENT_MAX_RETRIES: number;
                  ZEEBE_GRPC_CLIENT_MAX_RETRY_TIMEOUT_SECONDS: number;
                  ZEEBE_GRPC_CLIENT_RETRY: boolean;
                  ZEEBE_GRPC_WORKER_LONGPOLL_SECONDS: number;
                  ZEEBE_GRPC_WORKER_POLL_INTERVAL_MS: number;
                  ZEEBE_INSECURE_CONNECTION: undefined | boolean;
              };
          },
      >;
  }
Returns OAuthProvider
- Defined in src/oauth/lib/OAuthProvider.ts:77

Properties

tokenCache

tokenCache: { [key: string]: Token } = {}

userAgentString

userAgentString: string

Methods

flushFileCache

flushFileCache(): void
Returns void
- Defined in src/oauth/lib/OAuthProvider.ts:280

flushMemoryCache

flushMemoryCache(): void
Returns void
- Defined in src/oauth/lib/OAuthProvider.ts:276

getHeaders

getHeaders(
audienceType: TokenGrantAudienceType,
): Promise<AuthHeader | { authorization: string }>
Called by the SDK to get the authentication headers for a specific audience. The audience is a string that identifies the API endpoint that the SDK is trying to access. The SDK will use the provided headers on requests to the Camunda 8 API endpoint.
Parameters
- audienceType: TokenGrantAudienceType
Returns Promise<AuthHeader | { authorization: string }>
A promise that resolves to an object containing the authentication headers.
Implementation of IHeadersProvider.getHeaders
- Defined in src/oauth/lib/OAuthProvider.ts:187

Class OAuthProvider

Example

Implements

Index

Constructors

Properties

Methods

Constructors

constructor

Parameters

Returns OAuthProvider

Properties

tokenCache

userAgentString

Methods

flushFileCache

Returns void

flushMemoryCache

Returns void

getHeaders

Parameters

Returns Promise<AuthHeader | { authorization: string }>

Settings

On This Page