Denied Reason - PingAuthorize

Page created: 17 Feb 2022 |

Page updated: 15 Dec 2022

| 1 min read

Product PingAuthorize 9.1 Content Type Product documentation Administration User task

Use denied-reason to allow a policy writer to provide an error message that contains the reason for denying a request.

Description Details

Description	Details
Applicable to	DENY decisions. Note: The `denied-reason` advice only applies to SCIM searches using the optimized search response authorization mode.
Additional information	The payload for Denied Reason advice is a JSON object string with the following fields: `status` – Contains the HTTP status code returned to the client. If this field is absent, the default status is 403 Forbidden. `message` – Contains a short error message returned to the client. `detail` (optional) – Contains additional, more detailed error information. The following example shows a possible response for a request made with insufficient scope `{"status":403, "message":"insufficient_scope", "detail":"Requested operation not allowed by the granted OAuth scopes."}`

Applicable to

DENY decisions.

Note:

The denied-reason advice only applies to SCIM searches using the optimized search response authorization mode.

Additional information

The payload for Denied Reason advice is a JSON object string with the following fields:

status – Contains the HTTP status code returned to the client. If this field is absent, the default status is 403 Forbidden.
message – Contains a short error message returned to the client.
detail (optional) – Contains additional, more detailed error information.

The following example shows a possible response for a request made with insufficient scope

{"status":403, "message":"insufficient_scope",
                        "detail":"Requested operation not allowed by the granted OAuth
                        scopes."}