The authRule_verifyEmail screen (Hosted Login v1)

The authRule_verifyEmail screen appears if:

  1. An authorization rule has been implemented that requires a user to have verified their email address before they can log on.
  2. The user has not yet verified their email address.

If the authorization.rules.email_is_verified authorization rule has been enabled:

  1. A user signs in and is authenticated.
  2. Before the user is issued an access token, the Identity Cloud checks the user profile to see if the email attribute and the emailVerified attribute both have values:
    • If the answer is “yes,” the user is issued an access token and is fully logged on.
    • If the answer is “no,” the authRule_verifyEmail screen is displayed. The user must supply their email address and click Send; the Identity Cloud then sends an email verification link to that address. After the email address has been verified, the user can return to the site and log on.

      Note that, if the user has supplied an email address but the address hasn’t been verified, that address will appear in the Email Address field.

Incidentally, authorization rules are processed in the following order:

  1. authorization.rules.required_attributes 
  2. authorization.rules.min_age 
  3. authorization.rules.legal_acceptances
  4. authorization.rules.consents 
  5. authorization.rules.email_is_verified

Authorization Rules Screen Flow

The following graphic shows how the authRule_verifyEmail screen fits into the Authorization Rules flow.

Verify Email Address Authorization Rule Screen: Technical Documentation