@post-authorization

Variant of @post-execute for @authorization which is only executed for authorization requests. This is executed regardless of whether the main @authorization pipeline accepted or rejected the request, but is skipped if the @pre-authorization pipeline rejected the request.

Note: The @ prefix is required for pipeline blocks. The legacy syntax without @ (e.g., post-authorization {}) is deprecated and emits warnings. Use @post-authorization {} for new configurations.

Result of this pipeline is ignored; it cannot change the outcome of the request. However, it can modify the reply attributes, log information, or perform other side effects.

See also

• Execution context - Available variables
• Actions - Available actions
• Pipeline directives - Control flow

Example

@post-authorization {
    if all {
        aaa.result == "Accept";
    } then {
        log {
            message "User authorized";
            context {
                username user.username;
            }
        }
    }
}