Learn how to add and test a custom policy in PingOne Authorize that uses API attributes.
It’s time to put the previous steps together into a policy that addresses your business requirements. So far, you’ve defined an API operation that matches API requests used to start a new game, you have a built-in attribute for the authenticated user’s email address, and you’ve created an attribute in the Trust Framework for the invitee list of other game players. Now, you’ll create and test a policy that compares these three components to authorize the specific conditions under which a user can start a game.
Your business requirements:
- A user from a generic domain can play the game alone, to see how it works.
- A user from a generic domain cannot invite others to play with them.
- A user from a non-generic domain can play with or without inviting other players.
Your policy uses rules that compare the user’s email address to the invitee list of other game players, so that a user can start a new game only under the conditions these requirements allow.
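The three requirements can be modeled as a local decision function, which is useful for working out the expected result of each test request in advance. This is an added example, not PingOne Authorize policy syntax or code from this tutorial. The `GENERIC_DOMAINS` set, the function names, and the choice to deny when the email address or invitee list is missing or malformed are assumptions.

```python
# Added illustration: models the three business requirements locally.
# Assumption: the page does not list which domains count as "generic".
GENERIC_DOMAINS = frozenset({"gmail.com", "yahoo.com", "outlook.com"})

PERMIT, DENY = "PERMIT", "DENY"


def email_domain(email):
    """Return the lower-cased domain of an email, or None if it is unusable."""
    if not isinstance(email, str) or email.count("@") != 1:
        return None
    local, domain = email.strip().split("@")
    if not local or not domain:
        return None
    return domain.lower()


def authorize_new_game(user_email, invitees):
    """Decide whether the authenticated user may start a new game.

    user_email: the authenticated user's email address.
    invitees:   the invitee list taken from the API request.
    Returns a (decision, reason) tuple.
    """
    domain = email_domain(user_email)
    if domain is None:
        # Assumption: fail closed when the identity attribute cannot be used.
        return DENY, "no usable email address for the user"
    if invitees is None:
        invitees = []  # no invitee list in the request means a solo game
    if not isinstance(invitees, list):
        return DENY, "invitee list is malformed"
    if domain not in GENERIC_DOMAINS:
        return PERMIT, "non-generic domain: may play with or without invitees"
    if not invitees:
        return PERMIT, "generic domain: may play alone"
    return DENY, "generic domain: may not invite other players"


if __name__ == "__main__":
    # Constructed sample requests, one per requirement plus a malformed case.
    samples = [
        ("pat@gmail.com", []),
        ("pat@gmail.com", ["sam@example.com"]),
        ("pat@example.com", ["sam@example.com"]),
        (None, []),
    ]
    for email, invitees in samples:
        print(email, invitees, "->", authorize_new_game(email, invitees))
```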
Next, you’ll test the end-to-end use case for starting new games by using Postman to simulate API requests from the Meme Game application.