User impersonation in the WorkflowGen GraphQL API is supported but not recommended, and should be used only when no other technical solutions are possible. (For example, OpenID Connect-based authentication methods allow you to use access tokens to perform API operations on the client and server sides without impersonation.)
System operations allowed users can impersonate another WorkflowGen user account by setting this account’s username as the value of the x-wfgen-impersonate-username
HTTP request header.
This request header can be renamed according to your naming convention. You can specify a new header name in the GraphqlImpersonateUserNameHttpHeader
setting in the \wfgen\web.config
file (e.g. <add key="GraphqlImpersonateUserNameHttpHeader" value="my-custom-impersonate-username" />
).
To give or withdraw system operations rights to or from specific users, refer to the System operations allowed users setting in the Security section on the General tab of the Configuration Panel; alternately, you can edit the ProcessesRuntimeWebServiceAllowedUsers
setting in the \wfgen\web.config
file.