Testing that the policy blocks Youngstown users
You can test the new rule with cURL or Postman.
Steps
- Issue a GET request to https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 as user.0. The following cURL command makes such a request.

      curl --insecure -X GET \
        https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 \
        -H 'Authorization: Bearer {"active": true, "sub": "user.0"}'

  Result: A 200 OK response with the following body.

      {
        "data": {
          "id": "1",
          "type": "answers",
          "attributes": {
            "url": "https://i.imgflip.com/2fm6x.jpg",
            "captions": [
              "Still waiting for the bus to Jennie’s"
            ],
            "rating": null,
            "created_at": "2020-05-06T22:25:06+00:00"
          }
        },
        "meta": {}
      }
- Issue a GET request to https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 as user.660. The following cURL command makes such a request.

      curl --insecure -X GET \
        https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 \
        -H 'Authorization: Bearer {"active": true, "sub": "user.660"}'

  Result: The user is from Youngstown, so the result is a 403 Forbidden response with the following body.

      {
        "errorMessage": "Access Denied",
        "status": 403
      }
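
The two manual checks above can be combined into one repeatable pass/fail script. This is an added example, not part of the original tutorial: the function names and the BASE_URL and RUN_POLICY_CHECKS variables are illustrative, while the endpoint, the mock bearer tokens and the expected status codes are taken from the steps above.

```shell
#!/bin/sh
# Added example: scripted version of the two manual policy checks.
# BASE_URL default and RESOURCE come from the tutorial; all names are illustrative.
BASE_URL="${BASE_URL:-https://localhost:7443/meme-game/api/v1}"
RESOURCE="users/user.0/answers/1"

# Print only the HTTP status code returned when requesting RESOURCE as subject $1.
# The token is the mock JSON bearer token format used in the steps above.
status_for() {
    curl --insecure --silent --output /dev/null --write-out '%{http_code}' \
        -X GET "$BASE_URL/$RESOURCE" \
        -H "Authorization: Bearer {\"active\": true, \"sub\": \"$1\"}"
}

# Return 0 if subject $1 receives exactly status $2; otherwise report and return 1.
# An exact match matters for the deny case: a 401 or 5xx also "blocks" the user,
# but it would mean something other than the policy rule produced the result.
expect_status() {
    actual=$(status_for "$1") || actual="curl-error"
    if [ "$actual" = "$2" ]; then
        echo "PASS: $1 -> $actual"
    else
        echo "FAIL: $1 -> $actual (expected $2)" >&2
        return 1
    fi
}

# Run both checks so a failure of either the allow or the deny case is reported.
run_policy_checks() {
    rc=0
    expect_status "user.0" 200 || rc=1
    expect_status "user.660" 403 || rc=1
    return "$rc"
}

# Only contact the server when explicitly requested.
if [ "${RUN_POLICY_CHECKS:-0}" = "1" ]; then
    run_policy_checks
fi
```

Run it with RUN_POLICY_CHECKS=1 set in the environment; a non-zero exit status means at least one of the two expectations was not met.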