@authorization

Variant of @execute which is only executed for authorization requests. On authenticating servers this is executed after successful authentication pipeline on non-accounting requests. Rejecting from this pipeline will reject the request immediately.

Note: The @ prefix is required for pipeline blocks. The legacy syntax without @ (e.g., authorization {}) is deprecated and emits warnings. Use @authorization {} for new configurations.

See also

• Execution context - Available variables
• Actions - Available actions
• Pipeline directives - Control flow

Example

@authorization {
    if any {
        user.group == ["administrators"];
        user.group == ["power-users"];
    } then {
        accept;
    } else {
        reject;
    }
}