Channels QuickStart

In order to instantiate a ZeebeWorker or ZeebeClient you will need to provide an instance of a grpc.aio.Channel. This Channel can be configured with the parameters channel_credentials and channel_options.

Insecure

For creating a grpc channel connected to a Zeebe Gateway with tls disabled, your can use the create_insecure_channel().

Example:

from pyzeebe import create_insecure_channel

channel = create_insecure_channel(grpc_address="localhost:26500")

Secure

Create a grpc channel with a secure connection to a Zeebe Gateway with tls used the create_secure_channel().

Example:

import grpc
from pyzeebe import create_secure_channel


credentials = grpc.ssl_channel_credentials(root_certificates="<root_certificate>", private_key="<private_key>")
channel = create_secure_channel(grpc_address="host:port", channel_credentials=credentials)

Oauth2 Client Credentials Channel

Create a grpc channel with a secure connection to a Zeebe Gateway with authorization via O2Auth (Camunda Self-Hosted with Identity, for example) used the create_oauth2_client_credentials_channel().

Note

Some arguments are Optional and are highly dependent on your Authentication Server configuration, scope is usually required and is often optional audience .

Example:

import grpc
from pyzeebe import create_oauth2_client_credentials_channel

channel = create_oauth2_client_credentials_channel(
    grpc_address=ZEEBE_ADDRESS,
    client_id=ZEEBE_CLIENT_ID,
    client_secret=ZEEBE_CLIENT_SECRET,
    authorization_server=ZEEBE_AUTHORIZATION_SERVER_URL,
    scope="profile email",
    audience="zeebe-api", # NOTE: Can be omitted in some cases.
)

Example with custom channel_options:

import grpc
from pyzeebe import create_oauth2_client_credentials_channel
from pyzeebe.types import ChannelArgumentType

channel_options: ChannelArgumentType  = (("grpc.so_reuseport", 0),)

channel = create_oauth2_client_credentials_channel(
    grpc_address=ZEEBE_ADDRESS,
    client_id=ZEEBE_CLIENT_ID,
    client_secret=ZEEBE_CLIENT_SECRET,
    authorization_server=ZEEBE_AUTHORIZATION_SERVER_URL,
    scope="profile email",
    audience="zeebe-api",
    channel_options=channel_options,
)

Example with custom channel_credentials:

Useful for self-signed certificates with grpc.ssl_channel_credentials().

import grpc
from pyzeebe import create_oauth2_client_credentials_channel
from pyzeebe.types import ChannelArgumentType

channel_credentials = grpc.ssl_channel_credentials(
    root_certificates="<root_certificate>", private_key="<private_key>"
)
channel_options: ChannelArgumentType  = (("grpc.so_reuseport", 0),)

channel = create_oauth2_client_credentials_channel(
    grpc_address=ZEEBE_ADDRESS,
    client_id=ZEEBE_CLIENT_ID,
    client_secret=ZEEBE_CLIENT_SECRET,
    authorization_server=ZEEBE_AUTHORIZATION_SERVER_URL,
    scope="profile email",
    audience="zeebe-api",
    channel_credentials=channel_credentials,
    channel_options=channel_options,
)

This method use the Oauth2ClientCredentialsMetadataPlugin under the hood.

Camunda Cloud (Oauth2 Client Credentials Channel)

Create a grpc channel with a secure connection to a Camunda SaaS used the create_camunda_cloud_channel().

Note

This is a convenience function for creating a channel with the correct parameters for Camunda Cloud. It is equivalent to calling create_oauth2_client_credentials_channel with the correct parameters.

Example:

from pyzeebe import create_camunda_cloud_channel

channel = create_camunda_cloud_channel(
    client_id=ZEEBE_CLIENT_ID,
    client_secret=ZEEBE_CLIENT_SECRET,
    cluster_id=CAMUNDA_CLUSTER_ID,
)

This method use the Oauth2ClientCredentialsMetadataPlugin under the hood.

Configuration

It is possible to omit any arguments to the channel initialization functions and instead provide environment variables. See Channels Configuration for additional details.

Custom Oauth2 Authorization Flow

If your need another authorization flow, your can create custom plugin used OAuth2MetadataPlugin.