You can test the new policy with cURL or Postman.
Issue a GET request to https://localhost:7443/meme-game/api/v1/users/user.0/answers/1.
The following cURL command makes such a request.
curl --insecure -X GET \
https://localhost:7443/meme-game/api/v1/users/user.0/answers/1 \
-H 'Authorization: Bearer {"active": true, "sub": "user.0"}'
You should get a 403 Forbidden response with the following body.
{
"errorMessage": "Access Denied",
"status": 403
}