Page created: 9 Feb 2021 |
Page updated: 10 Aug 2021
PingAuthorize can change a server response based on the resource owner's consent to share.
This feature is useful for:
- Data control
- Information security
- Resource management
Again, we continue using the meme games API used in Getting started with PingAuthorize (tutorials).
We first set up some Trust Framework attributes and services to provide consent status. Then we create a policy with rules that use the consent status to include, exclude, or modify attributes in the response. The following topics cover the Trust Framework tasks. If you completed Use case: Using consent to determine access to a resource, you have already finished the tasks of setting up Trust Framework attributes and services. Those tasks are the same for both use cases.
- Getting a path component from the request URL
- Getting the requestor identifier from the access token
- Searching for consent by resource owner to requestor
- Getting consent status from the consent record
What is different for this use case is the policy itself. The following topic explains how to add rules with advices to include, exclude, or modify attributes in the response.
Creating a policy to check consent and then change the server response