Conclusion
In this tutorial, you allowed users to access the meme game’s shared answers functionality through PingAuthorize. Following a request from government authorities, you blocked users from the town of Youngstown, Ohio from viewing memes intended for audiences aged 13 or older. In doing so, you learned about the PingAuthorize ability to control access to resources based on attributes of both the requesting user and the resource being requested. You also learned how to use statements to modify response bodies.
You also learned:
-
Policies can apply to outbound upstream server API responses before they are sent to the API client.
-
HttpRequest.ResponseBody
is the upstream server API response body before it is sent to the client. -
Attributes that cannot be resolved because of any reason, including processing errors, might impact policy outcomes.
-
PingAuthorize supplies the user profile of the access token subject as the Trust Framework attribute
TokenOwner
. -
You must populate the child attributes of the
TokenOwner
that you want to use in a policy. -
Many attributes in LDAP are multivalued.
-
Statements are used to modify the API response in some way.
-
In this case,
denied-reason
was used to set the HTTP status code and message body.