In this tutorial, you allowed users to access the meme game's shared answers functionality through PingAuthorize. Following a request from government authorities, you blocked users from the town of Youngstown, Ohio from viewing memes intended for audiences aged 13 or older. In doing so, you learned about the PingAuthorize ability to control access to resources based on attributes of both the requesting user and the resource being requested. You also learned how to use advice to modify response bodies.
You also learned:
- Policies can apply "outbound", that is, to upstream server API responses before they are sent to the API client.
- HttpRequest.ResponseBody is the upstream server API response body before it is sent to the client.
- Attributes that cannot be resolved for any reason, including processing errors, might impact policy outcomes.
- PingAuthorize supplies the user profile of the access token subject as the Trust Framework
- You must populate the child attributes of the TokenOwner that you want to use in policy.
- Many attributes in LDAP are multivalued.
- Advice is the mechanism for modifying the API response in some way.
- In this case, denied-reason was used to set the HTTP status code and message body.