You can pass `__debug=policy` to every Aidbox request. It toggles debug mode for the Request Authorization Layer, and in this mode, instead of the actual response, the client will get an object containing:
`x-debug: policy` request header
With the `x-debug: policy` header, details of access policy evaluation will be logged.
The `su` header allows switching the user on whose behalf the request is executed. Use `su=<user/client id>` to check how access control works for that user.
`su` header functionality can be enabled with
Use `POST /auth/test-policy` to design a policy without creating an AccessPolicy resource and for different users and clients. Post to `/auth/test-policy` with a simulated `request` attribute (you can provide an existing `client-id`; Aidbox will find it and populate the request) and a temporary policy in the `policy` attribute. If you want to test JWT auth, put your token in the header with the `Bearer` prefix: the token will be parsed and its claims will appear in `request.jwt`. A JWT in a header is parsed but not validated. This allows you to test a JWT policy without TokenIntrospector registration.
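The difference between "parsed" and "validated" is why a policy that matches on `request.jwt` claims in `/auth/test-policy` says nothing about whether the token itself would be accepted. The sketch below is an added example, not Aidbox code: it assumes an HS256 token, and the key, claims and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT (used here only for constructed test tokens)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(mac)}"

def parse_unverified(authorization: str) -> dict:
    """Parse only: strip the Bearer prefix and decode the claims segment."""
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise ValueError("expected 'Bearer <header>.<payload>.<signature>'")
    return json.loads(b64url_decode(token.split(".")[1]))

def parse_verified(authorization: str, key: bytes) -> dict:
    """Parse and validate: recompute the MAC before trusting any claim."""
    claims = parse_unverified(authorization)
    header_b64, payload_b64, sig_b64 = authorization.split(" ", 1)[1].split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return claims

KEY = b"constructed-demo-key"  # constructed value, not a real secret
good = "Bearer " + sign_hs256({"sub": "user-1", "role": "nurse"}, KEY)
# Constructed token whose payload no longer matches its signature.
h, _, s = good.split(" ", 1)[1].split(".")
other = b64url_encode(json.dumps({"sub": "user-1", "role": "admin"}).encode())
edited = f"Bearer {h}.{other}.{s}"

def check(authorization: str) -> str:
    try:
        parse_verified(authorization, KEY)
        return "valid"
    except ValueError:
        return "rejected"

if __name__ == "__main__":
    for name, tok in (("good", good), ("edited", edited)):
        print(name, parse_unverified(tok), check(tok))
```

Both tokens yield claims when only parsed, but only the first passes validation, so policy tests driven by parsed claims should be paired with a check that real requests go through token validation.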