PingAccess

Creating policies to validate and authorize the access token

Create policies to validate the access token and determine authorization requirements.

Steps

  1. In the PingAuthorize Policy Editor, go to the Policies tab.

  2. Go to the Global Decision Endpoint section and create a new policy called Token Validation.

  3. In the Rules section, in the Combining Algorithm list, select Unless one decision is deny, the decision will be permit.

  4. In the Rules section, add an Access token is inactive rule:

    1. In the Applies to section, select Add definitions and targets, or drag from components and All requests.

    2. In the When section, map the following:

      1. Select All, then select TokenActive, Equals, and False.

      2. Select Any, then add the conditions Any Inbound Request is True and Any SCIM or OpenBanking Request is True.

        [Screen capture: an example Access token is inactive rule.]

  5. In the Statements section:

    1. Add an Invalid Token statement:

      1. In the Code field, enter denied-reason.

      2. In the Applies To list, select Deny.

      3. In the Applies If list, select All decisions in path match.

      4. In the Payload field, enter {"status":401, "message":"invalid_token","detail":"Access token is expired or otherwise invalid"}.

      5. Make sure the Obligatory checkbox is selected.

  6. Click Save.
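The following is an added model of the policy configured above, not code from PingAccess or PingAuthorize: it reproduces the rule condition, the "Unless one decision is deny, the decision will be permit" combining algorithm, and the "All decisions in path match" condition on the Invalid Token statement, so you can check what the policy returns for an inactive token, an active token, and an inactive token on a request the rule does not target. The attribute names, the two-level decision path, and the mapping of the denied-reason payload onto an HTTP response in to_http_response are assumptions for illustration.

```python
import json
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


@dataclass
class RequestAttrs:
    """Constructed stand-ins for the attributes the rule's When section references."""
    token_active: bool                   # TokenActive (result of token introspection)
    inbound_request: bool                # Any Inbound Request
    scim_or_openbanking_request: bool    # Any SCIM or OpenBanking Request


@dataclass
class Rule:
    name: str
    effect: str
    condition: Callable[[RequestAttrs], bool]


@dataclass
class Statement:
    code: str
    applies_to: str      # decision the statement attaches to
    applies_if: str      # "all_in_path" models "All decisions in path match"
    payload: dict
    obligatory: bool = True


def access_token_is_inactive(a: RequestAttrs) -> bool:
    # All( TokenActive Equals False,
    #      Any( Any Inbound Request is True, Any SCIM or OpenBanking Request is True ) )
    return a.token_active is False and (a.inbound_request or a.scim_or_openbanking_request)


TOKEN_VALIDATION_RULES: List[Rule] = [
    Rule("Access token is inactive", DENY, access_token_is_inactive),
]

# The Invalid Token statement from step 5, with the payload entered verbatim.
INVALID_TOKEN = Statement(
    code="denied-reason",
    applies_to=DENY,
    applies_if="all_in_path",
    payload={"status": 401, "message": "invalid_token",
             "detail": "Access token is expired or otherwise invalid"},
)


def permit_unless_deny(decisions: List[str]) -> str:
    """Combining algorithm: unless one decision is deny, the decision will be permit."""
    return DENY if DENY in decisions else PERMIT


def evaluate(attrs: RequestAttrs) -> Tuple[str, List[Statement]]:
    """Return the Token Validation policy decision and the statements that fire."""
    rule_decisions = [r.effect if r.condition(attrs) else NOT_APPLICABLE
                      for r in TOKEN_VALIDATION_RULES]
    policy_decision = permit_unless_deny(rule_decisions)
    # Assumed path: Global Decision Endpoint -> Token Validation policy. With a single
    # policy under the endpoint, the endpoint's decision equals the policy's.
    path = [policy_decision, policy_decision]
    fired = [s for s in (INVALID_TOKEN,)
             if s.applies_if == "all_in_path" and all(d == s.applies_to for d in path)]
    return policy_decision, fired


def to_http_response(decision: str, statements: List[Statement]) -> Optional[Tuple[int, str]]:
    """Assumed mapping of an obligatory denied-reason statement onto the response sent
    to the client. None means the request is forwarded to the protected resource."""
    if decision == PERMIT:
        return None
    for s in statements:
        if s.code == "denied-reason" and s.obligatory:
            p = s.payload
            return p["status"], json.dumps({"message": p["message"], "detail": p["detail"]})
    return 403, json.dumps({"message": "access_denied"})  # deny without a reason statement


if __name__ == "__main__":
    for attrs in (RequestAttrs(False, True, False),    # inactive token on an inbound request
                  RequestAttrs(True, True, False),     # active token
                  RequestAttrs(False, False, False)):  # inactive token, rule does not apply
        decision, statements = evaluate(attrs)
        print(attrs, "->", decision, to_http_response(decision, statements))
```

Note the third case: an inactive token on a request that is neither inbound nor SCIM/OpenBanking makes the rule Not Applicable, and the permit-unless-deny algorithm then returns Permit. If every request reaching this endpoint must carry a valid token, narrow the rule's When section to TokenActive alone or switch to a deny-by-default combining algorithm.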