Summary of the issues to consider

The following table summarizes the issues to consider and the behavior of each auth flow regarding that issue. The last row of the table contains links to view more detailed information about the relevant auth flow.

Internal User External User Standalone service Service with Internal User Context Service with External User Context Service with Service Account Mapping
OAuth flow Authorization code flow Authorization code flow Client credential flow Client credential flow Client credential flow Client credential flow
Can each call have its own user attached to the session? Yes No (a single "external proxy user" is used for all relevant calls) No (a single "service proxy user" is used for all relevant calls) Yes No (a single "service proxy user" is used for all relevant calls) Yes
Where do authorization values come from? The IdP The IdP The service itself (endpoint access values only; resource access IDs are not applicable) The service itself The service itself The Guidewire configuration
Does Cloud API enforce resource access? Yes Yes

No

(The service is expected to enforce it.)

Yes Yes Yes
What are the resource access IDs? user names IDs for business data (such as policy numbers and account numbers) not applicable user names IDs for business data (such as policy numbers and account numbers) not applicable
For more information on this auth flow OAuth2 authorization code flow: Internal users OAuth2 authorization code flow: External users OAuth2 client credential flow: Standalone services OAuth2 client credential flow: Services with user context OAuth2 client credential flow: Services with user context OAuth2 client credential flow: Services with service account mapping