Denied Reason - PingAuthorize

Denied Reason - PingAuthorize - 9.1

PingAuthorize

bundle

pingauthorize-91

ft:publication_title

PingAuthorize

Product_Version_ce

PingAuthorize 9.1

category

ContentType

Product

Productdocumentation

paz-91

pingauthorize

ContentType_ce

Product documentation

Use denied-reason to allow a policy writer to provide an error message that contains the reason for denying a request.

Description Details

Description	Details
Applicable to	DENY decisions. Note: The `denied-reason` advice only applies to SCIM searches using the optimized search response authorization mode.
Additional information	The payload for Denied Reason advice is a JSON object string with the following fields: `status` – Contains the HTTP status code returned to the client. If this field is absent, the default status is 403 Forbidden. `message` – Contains a short error message returned to the client. `detail` (optional) – Contains additional, more detailed error information. The following example shows a possible response for a request made with insufficient scope `{"status":403, "message":"insufficient_scope", "detail":"Requested operation not allowed by the granted OAuth scopes."}`

Applicable to

DENY decisions.

Note:

The denied-reason advice only applies to SCIM searches using the optimized search response authorization mode.

Additional information

The payload for Denied Reason advice is a JSON object string with the following fields:

status – Contains the HTTP status code returned to the client. If this field is absent, the default status is 403 Forbidden.
message – Contains a short error message returned to the client.
detail (optional) – Contains additional, more detailed error information.

The following example shows a possible response for a request made with insufficient scope

{"status":403, "message":"insufficient_scope",
                        "detail":"Requested operation not allowed by the granted OAuth
                        scopes."}