Authorization rules are a special type of API client setting: at heart, authorization rules are a series of tests that a user (or, more correctly, a user's user account) must pass before he or she can be given an access token. The following videos show you how to configure Hosted Login's authorization rules and, equally important, give you an idea of what happens when a rule is triggered.
Running Time: 2:23
Running Time: 2:49
Indicates whether or not the user's email address has been verified.
Running Time: 2:35
Running Time: 2:08
Specifies the minimum age (in years) that the user must be before he or she can log on.
Running Time: 3:00
Specifies all the user profile attributes that must contain a non-null value before a user is allowed to log on.
Running Time: 3:05
Specifies the amount of time, in seconds, that a session can last before a user must re-authenticate. This is a per-device setting, and is enforced regardless of whether or not the user still has a valid access or refresh token.