Use denied-reason
to allow a policy writer to provide an error
message that contains the reason for denying a request.
Description | Details |
---|---|
Applicable to |
DENY decisions Note:
The Denied Reason statement only applies to SCIM searches using the optimized search response authorization mode. |
Additional information |
The payload for Denied Reason statements is a JSON object string with the following fields:
The following example shows a possible response for a request made with insufficient scope {"status":403, "message":"insufficient_scope", "detail":"Requested operation not allowed by the granted OAuth scopes."} |