Summary of the issues to consider
The following table summarizes the issues to consider and the behavior of each auth flow regarding that issue. The last row of the table contains links to view more detailed information about the relevant auth flow.
Issue | Internal User | External User | Standalone service | Service with Internal User Context | Service with External User Context | Service with Service Account Mapping |
---|---|---|---|---|---|---|
OAuth flow | Authorization code flow | Authorization code flow | Client credential flow | Client credential flow | Client credential flow | Client credential flow |
Can each call have its own user attached to the session? | Yes | No (a single "external proxy user" is used for all relevant calls) | No (a single "service proxy user" is used for all relevant calls) | Yes | No (a single "service proxy user" is used for all relevant calls) | Yes |
Where do authorization values come from? | The IdP | The IdP | The service itself (endpoint access values only; resource access IDs are not applicable) | The service itself | The service itself | The Guidewire configuration |
Does Cloud API enforce resource access? | Yes | Yes | No (The service is expected to enforce it.) | Yes | Yes | Yes |
What are the resource access IDs? | user names | IDs for business data (such as policy numbers and account numbers) | not applicable | user names | IDs for business data (such as policy numbers and account numbers) | not applicable |
For more information on this auth flow | OAuth2 authorization code flow: Internal users | OAuth2 authorization code flow: External users | OAuth2 client credential flow: Standalone services | OAuth2 client credential flow: Services with user context | OAuth2 client credential flow: Services with user context | OAuth2 client credential flow: Services with service account mapping |