Cotter
BlogDashboardGet help on Slack πŸ‘‹
Search…
0.1.0
πŸš€
Getting Started
Features & Concepts
πŸ“Œ
Quickstart Guides
All Guides & Tutorials
HTML – Sign in with Email/Phone
React – Sign in with Email/Phone
React – WebAuthn
β–² Next.js
Angular
Webflow
Bubble.io
Python SDK for a CLI
React Native – Sign in with Device
iOS – Sign in with Device
Flutter – Sign in with Device
πŸ“˜
SDK Reference
Web
React Native
Flutter
iOS
Android
Python (for CLI)
API for Other Mobile Apps or CLI
Backend: Handling Response
πŸ›‘οΈ Protecting Your Account
Only Allow Your Website/App to Use Your API Key
Rate Limit
Enable reCAPTCHA to Protect Against Automated Abuse
πŸ—οΈ Getting Access Token
Cotter's OAuth 2.0 Tokens Specification
Getting the Tokens
Storing and Removing Tokens
Renewing Expired Tokens
Verifying JWT Tokens
Requesting Custom Fields on your JWT Token
Older API
Using HTTP Requests
Getting the Tokens
During Authentication
During Email/Phone Verification
During enrolling Trusted Devices
πŸ”Œ
API Reference
User API
OAuth Tokens API
OAuth Tokens from Social Login
Event Object
Reset PIN API
Older API
Validating Cotter's Identity Token
Validating Cotter's Event Response
Powered By GitBook
During Authentication
When you are authenticating users using Trusted Devices, Biometric or Pin, Cotter allows you to optionally request OAuth Tokens to be returned in addition to the Event token. The authentication_method specified will be either TRUSTED_DEVICE, BIOMETRIC or PIN.

Trusted Device Authentication

React Native SDK
Other SDKs (coming soon)
In the React Native SDK, you would follow this guide to request authentication using Trusted Devices. When the user successfully authenticated, either from a Trusted Device or when the user approved a login from a Non-Trusted Device, you would receive a JSON Response about the event and a signature.​
To also receive OAuth Tokens, modify your code by adding getOAuthToken = true in the parameters:
1
// Requesting an authentication using Cotter
2
var cotter = new Cotter(
3
<API_KEY_ID>,
4
userID,
5
);
6
cotter.trustedDevice.requestAuth(
7
'EVENT NAME',
8
this.onRequestSuccess,
9
this.onRequestError,
10
{}, // Add customization here, or leave as {}
11
(getOAuthToken = true), // πŸ‘ˆ Add this parameter
12
);
Copied!
In the onRequestSuccess, you'll receive the following response:
1
{
2
"CreatedAt": "2020-04-06T22:21:45.614843-07:00",
3
"DeletedAt": null,
4
"ID": 495,
5
"UpdatedAt": "2020-04-06T22:21:45.614843-07:00",
6
"approved": true,
7
"client_user_id": "xyzABC123",
8
"event": "LOGIN",
9
"ip": "73.15.208.6",
10
"issuer": "<your API KEY ID>",
11
"location": "Orinda",
12
"method": "TRUSTED_DEVICE",
13
"new": false,
14
"signature": "jiUHTm2zBcbkIYNbZ6...",
15
"timestamp": "1586236905",
16
17
"oauth_token": { // πŸ‘ˆ NEW OAuth Tokens
18
"access_token": "eyJhbGciOiJFUzI1N...",
19
"auth_method": "TRUSTED_DEVICE",
20
"expires_in": 3600,
21
"id_token": "eyJhbGciOiJFUzI1Ni...",
22
"refresh_token": "96:ukrYGIisImyKXwKTR1tIuiR...",
23
"token_type": "Bearer"
24
}
25
}
Copied!
Cotter's React Native SDK automatically store your tokens securely inside the device's secure storage.
We'll add support for JS, Android and iOS soon πŸ˜‰. Stay tuned!
Tokens must be stored securely within your application.

Getting and Removing tokens from the Storage

You need to pass the access_token to your backend server on every API calls. You also need to remove the tokens from storage to log out your users. Check out how to do that here:

Renewing Expired Tokens

Access tokens and ID tokens expires in 1 hour. When they're expired, you need to use the refresh_token to get new tokens. Check out how to renew expired tokens:
Previous
Getting the Tokens
Next
During Email/Phone Verification
Last modified 2yr ago
Copy link
Contents
Trusted Device Authentication
Getting and Removing tokens from the Storage
Renewing Expired Tokens