When you are authenticating users using Trusted Devices, Biometric or Pin, Cotter allows you to optionally request OAuth Tokens to be returned in addition to the Event token. The authentication_method specified will be either TRUSTED_DEVICE, BIOMETRIC or PIN.
In the React Native SDK, you would follow this guide to request authentication using Trusted Devices. When the user successfully authenticates, either from a Trusted Device or when the user approves a login from a Non-Trusted Device, you receive a JSON response about the event and a signature.
To also receive OAuth Tokens, modify your code by adding getOAuthToken = true in the parameters:
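```javascript
// Requesting an authentication using Cotter
var cotter = new Cotter(
  <API_KEY_ID>, // placeholder: your API key ID
  userID,
);
cotter.trustedDevice.requestAuth(
  'EVENT NAME',
  this.onRequestSuccess,
  this.onRequestError,
  {}, // Add customization here, or leave as {}
  // 👈 Add this parameter: getOAuthToken = true. It is passed positionally,
  // because assigning to an undeclared name throws in strict-mode modules.
  true,
);
```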
In onRequestSuccess, you'll receive the following response:
```json
{
  "CreatedAt": "2020-04-06T22:21:45.614843-07:00",
  "DeletedAt": null,
  "ID": 495,
  "UpdatedAt": "2020-04-06T22:21:45.614843-07:00",
  "approved": true,
  "client_user_id": "xyzABC123",
  "event": "LOGIN",
  "ip": "73.15.208.6",
  "issuer": "<your API KEY ID>",
  "location": "Orinda",
  "method": "TRUSTED_DEVICE",
  "new": false,
  "signature": "jiUHTm2zBcbkIYNbZ6...",
  "timestamp": "1586236905",
  "oauth_token": { // 👈 NEW OAuth Tokens
    "access_token": "eyJhbGciOiJFUzI1N...",
    "auth_method": "TRUSTED_DEVICE",
    "expires_in": 3600,
    "id_token": "eyJhbGciOiJFUzI1Ni...",
    "refresh_token": "96:ukrYGIisImyKXwKTR1tIuiR...",
    "token_type": "Bearer"
  }
}
```
Cotter's React Native SDK automatically stores your tokens securely inside the device's secure storage.
We'll add support for JS, Android and iOS soon 😉. Stay tuned!
Tokens must be stored securely within your application.
You need to pass the access_token to your backend server on every API call. You also need to remove the tokens from storage to log out your users. Check out how to do that here:
Access tokens and ID tokens expire in 1 hour. When they have expired, you need to use the refresh_token to get new tokens. Check out how to renew expired tokens:
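The following is an added example, not Cotter SDK code or part of the original guide: it tracks the one-hour expiry from the response shown above, builds the Bearer header for backend calls, and renews once even when several calls hit an expired token together. `TokenSession`, `refreshFn`, `SKEW_SECONDS` and `SAMPLE_RESPONSE` are hypothetical names; `refreshFn` stands in for the renewal call, which this page does not show, and is assumed to resolve to an object shaped like `oauth_token`.

```javascript
// Added example, not Cotter SDK code. Tokens are held in memory only here;
// persisting them is left to the SDK's secure storage.
const SKEW_SECONDS = 60; // assumption: renew one minute before expiry
// Constructed sample of the onRequestSuccess response (placeholder values).
const SAMPLE_RESPONSE = { approved: true, oauth_token: {
  access_token: 'constructed-access', refresh_token: 'constructed-refresh',
  expires_in: 3600, token_type: 'Bearer' } };

class TokenSession {
  // refreshFn(refreshToken) is hypothetical: it must resolve to an object
  // shaped like oauth_token. now() returns Unix seconds (injectable for tests).
  constructor(refreshFn, now = () => Math.floor(Date.now() / 1000)) {
    Object.assign(this, { refreshFn, now, tokens: null, pending: null });
  }

  // Accept a login response only if it was approved and carries tokens.
  accept(response) {
    const ok = response && response.approved === true && response.oauth_token;
    if (!ok) throw new Error('login not approved or oauth_token missing');
    this.store(response.oauth_token);
  }

  store(t) {
    const valid = t.token_type === 'Bearer' && typeof t.access_token === 'string'
      && Number.isInteger(t.expires_in) && t.expires_in > 0;
    if (!valid) throw new Error('unexpected token response');
    // Keep the old refresh token if the renewal response does not return one.
    const refreshToken = t.refresh_token || (this.tokens && this.tokens.refreshToken);
    this.tokens = { accessToken: t.access_token, refreshToken, expiresAt: this.now() + t.expires_in };
  }

  needsRefresh() {
    return !this.tokens || this.now() >= this.tokens.expiresAt - SKEW_SECONDS;
  }

  // Header for a backend call. Concurrent callers share one renewal request,
  // and a logout that happens mid-renewal is not undone by the late response.
  async authHeader() {
    if (this.tokens && this.needsRefresh()) {
      this.pending = this.pending || this.refreshFn(this.tokens.refreshToken)
        .then((t) => { if (this.tokens) this.store(t); })
        .finally(() => { this.pending = null; });
      await this.pending;
    }
    if (!this.tokens) throw new Error('not logged in');
    return { Authorization: `Bearer ${this.tokens.accessToken}` };
  }

  logout() { this.tokens = null; }
}
```

Passing a fixed `now` function, as the constructor allows, makes the expiry boundary testable without waiting an hour.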