Page created: 26 Jul 2021
|
Page updated: 17 Feb 2022
In this tutorial, you allowed users to access the meme game's shared answers functionality through PingAuthorize. Following a request from government authorities, you blocked users from the town of Youngstown, Ohio from viewing memes intended for audiences aged 13 or older. In doing so, you learned about the PingAuthorize ability to control access to resources based on attributes of both the requesting user and the resource being requested. You also learned how to use advice to modify response bodies.
You also learned:
- Policies can apply to outbound upstream server API responses before they are sent to the API client.
HttpRequest.ResponseBodyis the upstream server API response body before it is sent to the client.- Attributes that cannot be resolved because of any reason, including processing errors, might impact policy outcomes.
- PingAuthorize supplies the user profile of the access
token subject as the Trust Framework attribute
TokenOwner. - You must populate the child attributes of the
TokenOwnerthat you want to use in a policy. - Many attributes in LDAP are multivalued.
- Advice is used to modify the API response in some way.
- In this case,
denied-reasonwas used to set the HTTP status code and message body.