curl --insecure --location --request POST 'https://localhost:7443/meme-game/api/v1/games' \
  --header 'Authorization: Bearer { "active": true, "sub": "user.99@example.com" }' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "data": {
      "type": "game",
      "attributes": {
        "invitees": [
          "user.99@example.com"
        ]
      }
    }
  }'
You should receive an error response with a response status of 403 Forbidden.

The request has an access token value of { "active": true, "sub": "user.99@example.com" }. The sub field of the access token corresponds to the HttpRequest.AccessToken.subject Trust Framework attribute that your policy uses to make its decision.