PingAuthorize

Testing that the policy blocks Youngstown users

You can test the new rule with cURL or Postman.

Steps

  1. Issue a GET request to https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 as user.0. The following cURL command makes such a request.

    curl --insecure -X GET \
      https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 \
      -H 'Authorization: Bearer {"active": true, "sub": "user.0"}'

    Result:

    A 200 OK response with the following body.

    {
        "data": {
            "id": "1",
            "type": "answers",
            "attributes": {
                "url": "https://i.imgflip.com/2fm6x.jpg",
                "captions": [
                    "Still waiting for the bus to Jennie’s"
                ],
                "rating": null,
                "created_at": "2020-05-06T22:25:06+00:00"
            }
        },
        "meta": {}
    }

  2. Issue a GET request to https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 as user.660. The following cURL command makes such a request.

    curl --insecure -X GET \
      https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 \
      -H 'Authorization: Bearer {"active": true, "sub": "user.660"}'

    Result:

    The user is from Youngstown, so the result is a 403 Forbidden response with the following body.

    {
        "errorMessage": "Access Denied",
        "status": 403
    }
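
The two steps above as a repeatable check, written as an added example that is not part of the PingAuthorize documentation. The function names, the script name and the BASE_URL variable are hypothetical; the request path, token format and expected status codes are taken from the steps.

```shell
#!/bin/sh
# Added example: repeatable check for the two steps above.
# BASE_URL and all function names are assumptions made for this example.
BASE_URL="${BASE_URL:-https://localhost:7443}"
RESOURCE="/meme-game/api/v1/users/user.0/answers/1"

# Build the bearer token in the form the steps use for a given subject.
bearer_for() {
  printf '{"active": true, "sub": "%s"}' "$1"
}

# Print the HTTP status code returned for the given subject.
# --insecure mirrors the cURL commands in the steps above.
fetch_status() {
  curl --insecure --silent --output /dev/null --write-out '%{http_code}' \
    -X GET "${BASE_URL}${RESOURCE}" \
    -H "Authorization: Bearer $(bearer_for "$1")" || true
}

# Compare the actual status for a subject with the expected one.
check_subject() {
  subject=$1
  expected=$2
  actual=$(fetch_status "$subject")
  if [ "$actual" = "$expected" ]; then
    echo "PASS $subject -> $actual"
  else
    echo "FAIL $subject -> ${actual:-no response} (expected $expected)"
    return 1
  fi
}

# user.0 must be allowed (200); user.660, the Youngstown user, must be denied (403).
run_policy_checks() {
  failures=0
  check_subject user.0 200 || failures=$((failures + 1))
  check_subject user.660 403 || failures=$((failures + 1))
  return "$failures"
}

# Contact the server only when asked: sh check_policy.sh run
if [ "${1:-}" = "run" ]; then
  run_policy_checks
fi
```

The exit status of run_policy_checks is the number of failed checks, so a policy change that starts allowing user.660 shows up as a non-zero exit.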