I have an application with multiple CSHS published as URLs. One of these CSHS is a front end that all the users can go to where they can find the list of available "published" CSHS.
Right now to get the list of published CSHS, from BPM I run a REST call (with an External Service) to BPM itself using a "superuser" account that queries '/rest/bpm/wle/v1/exposed/service' and extracts the URLs, etc
It happens that some of my users don't have access to all the published resources : but since the query is not done with the end-user account itself, some end-users see more than they should (no security issue, when they click on the link, BPM says they are not allowed).
So the best would be querying BPM REST API using the same ID that the users used to get in. But I don't see how I could "transfer" the BPM credentials to the External Service query.