Our Android SDK offers the easiest way to integrate "Sign in with device" to your android app. You can simply call a function and it does most of the heavy lifting and authentication for you.
You can now use the SDK to enroll and verify Trusted Devices for the user you just created.
In your MainActivity, initialize Cotter with API keys, Cotter's URL to use (prod/test), and your User ID.
Production Endpoint: https://www.cotter.app/api/v0
Cotter.init(
this.getApplicationContext(),
"https://www.cotter.app/api/v0",
"<User ID>", // fill with empty string for Verify EMAIL & PHONE
"<API_KEY_ID>",
"<API_SECRET_KEY>" // fill with empty string for Verify EMAIL & PHONE
);
Step 5: Register this device as a Registered Device
Right after your user finished their registration to your app, you should automatically register the device as a Trusted Device (or prompt your user if they want to make this device as a Trusted Device).
To enroll the current device as a TrustedDevice:
TrustedDeviceHelper.enrollDevice(this, new Callback() {
@Override
public void onSuccess(JSONObject result) {
Toast.makeText(getApplicationContext(), result.toString(), Toast.LENGTH_SHORT).show();
}
@Override
public void onError(String error) {
Toast.makeText(getApplicationContext(), error, Toast.LENGTH_SHORT).show();
}
});
{
"ID": "746500ae-a5cd-4692-8fd0-49d57cf7cc57", // User ID from Cotter's system
"created_at": "2020-02-25T04:08:26.174597Z",
"update_at": "2020-02-27T22:20:31.333154814Z",
"deleted_at": null,
"issuer": "afcabd98-745f-4b9e-98de-af968d9951d3", // your API KEY ID
"client_user_id": "1014", // you client's user ID
"enrolled": [ // Enrolled Authentication Methods
"PIN",
"BIOMETRIC",
"TRUSTED_DEVICE" // This should be added to enrolled methods once enrollDevice successful
],
"default_method": "TRUSTED_DEVICE" // This will automatically be the last enrolled method, which is Trusted Device in this case
}
Step 6: Authenticate from a Trusted Device
To authenticate a device, call the TrustedDeviceHelper.requestAuth function. This will automatically detect whether the current device is a Trusted Device or not.
TrustedDeviceHelper.requestAuth(this, "<EVENT NAME>", this, Dashboard.class, new Callback() {
@Override
public void onSuccess(JSONObject result) {
Toast.makeText(getApplicationContext(), result.toString(), Toast.LENGTH_SHORT).show();
// Pass in the `result` to your backend server when:
// - Logging in your users
// - making a transaction
// - fetching sensitive data
}
@Override
public void onError(String error) {
Toast.makeText(getApplicationContext(), error, Toast.LENGTH_SHORT).show();
}
});
{
"ID": 1361, // Event ID
"CreatedAt": "2020-02-27T22:22:48.705212512Z",
"UpdatedAt": "2020-02-27T22:22:48.705212512Z",
"DeletedAt": null,
"client_user_id": "1014", // your client's User ID
"issuer": "afcabd98-745f-4b9e-98de-af968d9951d3", // your API Key
"event": "<EVENT NAME>",// requested event (LOGIN, or TRANSACTION, etc)
"ip": "192.168.232.2",
"location": "Unknown",
"timestamp": "1582842167",
"method": "TRUSTED_DEVICE", // auth method: TRUSTED_DEVICE (other choices are PIN / BIOMETRIC)
"new": false, // Is this a new pending event. More explanation below about Non-Trusted Device
"approved": true, // Is this event approved.
"signature": "oonMGCAxp3..." // Signature to make sure this event comes from Cotter's server
}