Now that we have confirmed that PingAuthorize Server is correctly configured to act as a reverse proxy to the Meme Game API, we can define a policy to try out its access control capabilities. This policy will accept or deny a request to create a game based on the identity making the request.
First, we define a service in the Trust Framework. Services have various uses, but at their most basic level, you use them to define a specific API that can be governed by your policies. By defining different services in your Trust Framework, you can target each policy specifically to its applicable APIs.
Then, we define a policy. This policy will reject any requests to start a new meme game if the user's identifier ends with @example.com. We will identify users using the subject of the request's access token.
- Define the service.
- Define the policy.