To create a policy that meets your business requirements, you’ll need two attributes:

  • To determine whether the user’s email address comes from a generic domain, you’ll use the built-in PingOne user email address attribute for the user authenticated to the application.
  • To determine whether the user is inviting others to play the Meme Game, you’ll create an attribute in the Trust Framework for the invitee list of other game players. You’ll extract the invitee list from the API request body.

  1. In PingOne, go to Authorization > Trust Framework and click the Attributes tab.
  2. Click the + icon and select Add new Attribute.
  3. For the attribute Name, enter New game invitee list.
  4. Verify that there is no Parent selected. If a parent exists, click the Delete icon to remove it.
  5. In the Resolvers section, click + Add Resolver.
  6. For the Resolver Type, select Attribute.
  7. For Select an attribute, select PingOne > API Access Management > HTTP > Request > Body.

    This resolver returns the decision request body. For more information, see Resolvers.

    Screen capture showing a Resolver type of Attribute with the PingOne.API Access Management.HTTP.Request.Body attribute.
  8. Click Value Processors and then click + Add Processor.
  9. Make sure the Processor type is JSON Path.
  10. Enter $.data.attributes.invitees in the input box for the JSON Path Processor.
  11. For Value Type, select Collection.

    This processor extracts the invitee list from the decision request body. For more information, see Processors.

    Screen capture showing a JSON Path processor with a value of $.data.attributes.invitees and a Value type of Collection.
  12. For Value Settings:
    1. Select the Default value check box, and then enter opening and closing square brackets ([]) for the default value.

      This sets the default value to an empty collection, ensuring that the attribute resolves successfully if the invitee list is empty. For more information, see Value settings.

    2. For the Type, select Collection.

      Screen capture showing a Default value of open and closing brackets and a Type of Collection for Value Settings.
  13. Click Save Changes.

You’ve added an attribute in the Trust Framework for the invitee list of other game players.
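
To check what this attribute yields for a given request body before testing a policy, the following added example (not PingOne's implementation and not code from this tutorial) applies the same JSON Path and default value locally in Python. The request body shapes, email addresses, and function names are constructed for illustration; only simple dotted paths are handled, and raising on a non-array value is this sketch's own choice.

```python
import json

INVITEE_PATH = "$.data.attributes.invitees"  # JSON Path entered in step 10
DEFAULT_VALUE = []                            # default value entered in step 12
_MISSING = object()                           # marks a path that did not resolve


def select(document, path):
    """Walk a dotted, child-only JSON Path such as $.a.b.c (a small subset)."""
    if not path.startswith("$"):
        raise ValueError("JSON Path must start with $")
    node = document
    for key in filter(None, path[1:].split(".")):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node


def resolve_invitees(raw_body):
    """Return the invitee collection, or a copy of the default if unresolved."""
    value = select(json.loads(raw_body), INVITEE_PATH)
    if value is _MISSING:
        return list(DEFAULT_VALUE)
    if not isinstance(value, list):
        # Sketch's choice: surface a type mismatch instead of guessing.
        raise TypeError("invitees is not a collection")
    return value


# Constructed request bodies for illustration.
WITH_INVITEES = json.dumps({"data": {"type": "game", "attributes": {
    "invitees": ["friend1@example.com", "friend2@example.com"]}}})
NO_INVITEES = json.dumps({"data": {"type": "game", "attributes": {}}})
# JSON Path keys are case-sensitive, so this list is not seen by the path.
WRONG_CASE = json.dumps({"data": {"attributes": {"Invitees": ["x@example.com"]}}})

if __name__ == "__main__":
    for name, body in [("with invitees", WITH_INVITEES),
                       ("no invitees", NO_INVITEES),
                       ("wrong-case key", WRONG_CASE)]:
        print(name, "->", resolve_invitees(body))
```

In this sketch, a body that carries the list under a differently spelled key resolves to the empty default, which is worth covering when you test policy conditions that depend on the invitee list.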

Next, you'll put everything together in a custom policy that authorizes the specific conditions under which a user can start a game.