PingAuthorize

Denied Reason

Use denied-reason to allow a policy writer to provide an error message that contains the reason for denying a request.

Description Details

Applicable to

DENY decisions.

The denied-reason advice only applies to SCIM searches using the optimized search response authorization mode.

Additional information

The payload for Denied Reason advice is a JSON object string with the following fields:

  • status – Contains the HTTP status code returned to the client. If this field is absent, the default status is 403 Forbidden.

  • message – Contains a short error message returned to the client.

  • detail (optional) – Contains additional, more detailed error information.

The following example shows a possible response for a request made with insufficient scope\{"status":403, "message":"insufficient_scope", "detail":"Requested operation not allowed by the granted OAuth scopes."}