You can test the new policy with cURL or Postman.
- Issue a GET request to https://localhost:7443/meme-game/api/v1/users/user.0/answers/1. The following cURL command makes such a request.

      curl --insecure -X GET \
        https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 \
        -H 'Authorization: Bearer {"active": true, "sub": "user.0"}'

  You should get a 403 Forbidden response with the following body.

      {
        "errorMessage": "Access Denied",
        "status": 403
      }