Demonstrate access control for specific API operations by signing on as users with
different permissions.
To act as a user, you’ll use Postman’s built-in ability to do OpenID Connect (OIDC)
sign-on. Sign on as the game administrator and get an access token to allow Postman
to act as the administrator. Then, repeat this for the game player. You’ll demonstrate
access control by sending a request to review submitted memes as the administrator
and then as the player.

OpenID Connect (OIDC): An authentication protocol built on top of OAuth that
authenticates users and enables clients (relying parties) of all types to request and
receive information about authenticated sessions and users. OIDC is extensible,
allowing clients to use optional features such as encryption of identity data,
discovery of OpenID Providers (OAuth authorization servers), and session management.

Access token: A data object by which a client authenticates to a resource server and
lays claim to authorizations for accessing particular resources.