Description Details

Applicable to

DENY decisions.


The denied-reason advice only applies to SCIM searches using the optimized search response authorization mode.

Additional information

The payload for Denied Reason advice is a JSON object string with the following fields:

  • status – Contains the HTTP status code returned to the client. If this field is absent, the default status is 403 Forbidden.
  • message – Contains a short error message returned to the client.
  • detail (optional) – Contains additional, more detailed error information.

The following example shows a possible response for a request made with insufficient scope

{"status":403, "message":"insufficient_scope", "detail":"Requested operation not allowed by the granted OAuth scopes."}