Has anybody tried or gone live with B2C scenarios for apps deployed on HCP and consuming services from GW? It would be interesting to know the challenges and approach.
For e.g. an app for consumer loyalty management that retrieves data from SAP CRM.
I assume the architecture would be that each consumer would be a user in the HCP IDP, whereas the OData service would be consumed via a fixed user in the backend GW configured in the destination service.
If so, this throws up a challenge in retrieving consumer-specific info from the backend. We cannot use an attribute filter like customer=1234, as this can be easily observed in the browser and also changed. As we don't have the end user as a user in the backend, we cannot check authorization either.
Another option could be app -> HCP service -> GW service. The HCP service could then find out the current user and pass this info to the GW service; the app never calls the GW service. In this case, we would have to ensure the GW service is only invoked by HCP and cannot be reached via the app.
Regards,
Parag.
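Added example, not part of Parag's post and not SAP code: a small Python model of the two approaches described above. `gw_service_naive` shows the first problem (the customer number is taken from the URL, so the browser user can change it), and `hcp_service` shows the second option, where the HCP layer resolves the customer from the authenticated session user and calls GW with a fixed technical user. The post does not say how GW would be restricted to HCP callers, so this example uses an HMAC over a shared secret as a hypothetical stand-in for that check; the loyalty records, user-to-customer mapping, user names and secret are all constructed for the example.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Constructed sample data standing in for SAP CRM loyalty records (not real data).
BACKEND_LOYALTY = {
    "1234": {"customer": "1234", "points": 1500},
    "5678": {"customer": "5678", "points": 300},
}

# Constructed mapping from IdP user to customer number. Assumption: this lives
# on the HCP side (e.g. from an IdP attribute) and is never supplied by the browser.
USER_TO_CUSTOMER = {"alice@example.com": "1234", "bob@example.com": "5678"}

# Hypothetical: the post only says GW must be reachable from HCP alone, not how.
# A shared secret known to HCP and the GW-side check models that restriction here.
HCP_TO_GW_SECRET = b"constructed-shared-secret"
TECHNICAL_USER = "HCP_TECH"


class Forbidden(Exception):
    """Raised when a call is rejected by the HCP layer or the GW-side check."""


def gw_service_naive(url: str) -> dict:
    """First approach: trusts whatever 'customer' the caller puts in the URL.
    Any authenticated consumer can read any other consumer's record by editing it."""
    customer = parse_qs(urlparse(url).query).get("customer", [None])[0]
    if customer not in BACKEND_LOYALTY:
        raise KeyError(customer)
    return BACKEND_LOYALTY[customer]


def sign_request(customer: str, secret: bytes = HCP_TO_GW_SECRET) -> str:
    """HMAC-SHA256 over the technical user and the customer resolved by HCP."""
    msg = f"{TECHNICAL_USER}|{customer}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def gw_service_guarded(technical_user: str, customer: str, signature: str) -> dict:
    """GW side of the second approach: only serve calls that carry the technical
    user and a valid HMAC, i.e. calls that originated from the HCP service."""
    if technical_user != TECHNICAL_USER:
        raise Forbidden("unknown technical user")
    if not hmac.compare_digest(sign_request(customer), signature):
        raise Forbidden("request did not originate from the HCP service")
    if customer not in BACKEND_LOYALTY:
        raise KeyError(customer)
    return BACKEND_LOYALTY[customer]


def hcp_service(session_user: Optional[str], client_query: str = "") -> dict:
    """HCP intermediary: the customer is derived from the authenticated session
    user only. client_query (whatever the browser sent) is deliberately not used
    for authorization, so a tampered customer=... parameter has no effect."""
    if session_user is None:
        raise Forbidden("not authenticated")
    customer = USER_TO_CUSTOMER.get(session_user)
    if customer is None:
        raise Forbidden("no customer mapped to user")
    return gw_service_guarded(TECHNICAL_USER, customer, sign_request(customer))


def hcp_rejects(session_user: Optional[str]) -> bool:
    """True if the HCP layer refuses to serve this session."""
    try:
        hcp_service(session_user)
    except Forbidden:
        return True
    return False


def app_calls_gw_directly(customer: str, forged_signature: str) -> bool:
    """Simulates the browser bypassing HCP and hitting GW with a guessed
    signature. Returns True if GW rejects the call."""
    try:
        gw_service_guarded(TECHNICAL_USER, customer, forged_signature)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    # Alice, logged in as herself, edits the URL and reads Bob's record.
    print(gw_service_naive("https://gw.example/loyalty?customer=5678"))
    # With the intermediary she only ever gets her own record.
    print(hcp_service("alice@example.com", client_query="customer=5678"))
    print(app_calls_gw_directly("5678", "00" * 32))
```

The HMAC is only a placeholder for "GW is reachable from HCP only"; it does not protect against replay of a captured signed call, which in practice is handled by keeping GW off the public network rather than by the signature. The point the model makes is the one in the post: once the customer number comes from the session rather than the request, the browser has nothing to tamper with.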