Ctrl + K
DocumentationLog inGet started

guidewire-install-auth

tessl install github:jeremylongshore/claude-code-plugins-plus-skills --skill guidewire-install-auth
github.com/jeremylongshore/claude-code-plugins-plus-skills

Install and configure Guidewire InsuranceSuite development environment and Cloud API authentication. Use when setting up a new Guidewire integration, configuring OAuth2 credentials, registering with Guidewire Hub, or initializing Guidewire Studio. Trigger with phrases like "install guidewire", "setup guidewire", "guidewire auth", "configure guidewire API", "guidewire cloud credentials".

Review Score

81%

Validation Score

13/16

Implementation Score

65%

Activation Score

100%

Guidewire Install & Auth

Overview

Set up Guidewire InsuranceSuite development environment and configure Cloud API authentication with Guidewire Hub using OAuth2 and JWT tokens.

Prerequisites

  • JDK 11 or 17 (Guidewire Cloud 202503+ requires JDK 17)
  • Gradle 7.x or 8.x
  • Guidewire Cloud account with developer access
  • Access to Guidewire Cloud Console (GCC)
  • Guidewire Hub registration for your application

Instructions

Step 1: Install Development Tools

# Verify Java installation
java -version
# Required: openjdk 17.x or 11.x

# Install Gradle if needed
sdk install gradle 8.5

# Clone your InsuranceSuite configuration repository
git clone https://your-org@dev.azure.com/your-org/PolicyCenter/_git/PolicyCenter
cd PolicyCenter

Step 2: Configure Guidewire Studio

# Set environment variables
export GW_HOME=/path/to/guidewire/installation
export JAVA_HOME=/path/to/jdk17

# Import project into IntelliJ IDEA (recommended IDE)
# File > Open > Select the build.gradle file

Step 3: Register Application with Guidewire Hub

  1. Log into Guidewire Cloud Console (GCC) at https://gcc.guidewire.com
  2. Navigate to Identity & Access > Applications
  3. Click Register Application
  4. Select application type:
    • Browser Application - For Jutro frontends (OAuth2 Authorization Code flow)
    • Service Application - For backend integrations (OAuth2 Client Credentials flow)
  5. Record the client_id and client_secret

Step 4: Configure OAuth2 Credentials

# Create environment configuration
cat > .env << 'EOF'
# Guidewire Cloud API Configuration
GW_TENANT_ID=your-tenant-id
GW_CLIENT_ID=your-client-id
GW_CLIENT_SECRET=your-client-secret
GW_HUB_URL=https://hub.guidewire.com
GW_API_BASE_URL=https://your-tenant.cloud.guidewire.com

# Application endpoints
POLICYCENTER_URL=${GW_API_BASE_URL}/pc/rest
CLAIMCENTER_URL=${GW_API_BASE_URL}/cc/rest
BILLINGCENTER_URL=${GW_API_BASE_URL}/bc/rest
EOF

Step 5: Obtain Access Token (Service Application)

// TypeScript/Node.js - OAuth2 Client Credentials Flow
import axios from 'axios';

interface TokenResponse {
  access_token: string;
  token_type: string;
  expires_in: number;
}

async function getAccessToken(): Promise<string> {
  const tokenUrl = `${process.env.GW_HUB_URL}/oauth/token`;

  const response = await axios.post<TokenResponse>(tokenUrl,
    new URLSearchParams({
      grant_type: 'client_credentials',
      client_id: process.env.GW_CLIENT_ID!,
      client_secret: process.env.GW_CLIENT_SECRET!,
      scope: 'pc.policies cc.claims bc.billing'
    }),
    {
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
    }
  );

  return response.data.access_token;
}

Step 6: Verify Connection

// Test API connection
async function verifyConnection(): Promise<void> {
  const token = await getAccessToken();

  const response = await axios.get(
    `${process.env.POLICYCENTER_URL}/common/v1/system-info`,
    {
      headers: {
        'Authorization': `Bearer ${token}`,
        'Content-Type': 'application/json'
      }
    }
  );

  console.log('Connected to PolicyCenter:', response.data);
}

Gosu Authentication (Server-Side)

// Gosu - Internal authentication for plugins
uses gw.api.system.server.ServerUtil
uses gw.api.web.SessionUtil

class AuthHelper {
  static function getAuthenticatedUser() : User {
    return SessionUtil.CurrentUser
  }

  static function runAsSystemUser<T>(block() : T) : T {
    return ServerUtil.runAsSystemUser(\-> block())
  }
}

Output

  • Configured Guidewire Studio project
  • OAuth2 credentials in environment variables
  • Verified connection to Cloud API endpoints
  • JWT token acquisition working

Error Handling

ErrorCauseSolution
invalid_clientWrong client credentialsVerify client_id and secret in GCC
invalid_scopeUnauthorized scope requestedCheck API role assignments in GCC
401 UnauthorizedExpired or invalid tokenRefresh token, check clock sync
403 ForbiddenMissing API role permissionsAssign appropriate API roles in GCC
PKIX path building failedSSL certificate issueImport Guidewire CA certificates

API Roles Configuration

Configure in Guidewire Cloud Console:

# Recommended API roles for service applications
api_roles:
  - PolicyCenter:
      - pc_policy_admin
      - pc_submission_handler
      - pc_product_read
  - ClaimCenter:
      - cc_claim_admin
      - cc_fnol_handler
  - BillingCenter:
      - bc_billing_admin
      - bc_payment_handler

Examples

Complete TypeScript Client Setup

import axios, { AxiosInstance } from 'axios';

class GuidewireClient {
  private token: string | null = null;
  private tokenExpiry: Date | null = null;
  private httpClient: AxiosInstance;

  constructor(
    private clientId: string,
    private clientSecret: string,
    private hubUrl: string,
    private apiBaseUrl: string
  ) {
    this.httpClient = axios.create({
      baseURL: apiBaseUrl,
      timeout: 30000
    });
  }

  private async ensureToken(): Promise<string> {
    if (this.token && this.tokenExpiry && this.tokenExpiry > new Date()) {
      return this.token;
    }

    const response = await axios.post(`${this.hubUrl}/oauth/token`,
      new URLSearchParams({
        grant_type: 'client_credentials',
        client_id: this.clientId,
        client_secret: this.clientSecret
      })
    );

    this.token = response.data.access_token;
    this.tokenExpiry = new Date(Date.now() + (response.data.expires_in - 60) * 1000);
    return this.token;
  }

  async request<T>(method: string, path: string, data?: any): Promise<T> {
    const token = await this.ensureToken();
    const response = await this.httpClient.request<T>({
      method,
      url: path,
      data,
      headers: {
        'Authorization': `Bearer ${token}`,
        'Content-Type': 'application/json'
      }
    });
    return response.data;
  }
}

// Usage
const client = new GuidewireClient(
  process.env.GW_CLIENT_ID!,
  process.env.GW_CLIENT_SECRET!,
  process.env.GW_HUB_URL!,
  process.env.POLICYCENTER_URL!
);

Resources

  • Guidewire Developer Portal
  • Cloud API Authentication
  • Guidewire Hub Registration
  • Guidewire Cloud Console

Next Steps

After successful auth, proceed to guidewire-hello-world for your first API calls.