Cotter
BlogDashboardGet help on Slack ๐Ÿ‘‹
Searchโ€ฆ
0.1.0
๐Ÿš€
Getting Started
Features & Concepts
๐Ÿ“Œ
Quickstart Guides
All Guides & Tutorials
HTML โ€“ Sign in with Email/Phone
React โ€“ Sign in with Email/Phone
React โ€“ WebAuthn
โ–ฒ Next.js
Angular
Webflow
Bubble.io
Python SDK for a CLI
React Native โ€“ Sign in with Device
iOS โ€“ Sign in with Device
Flutter โ€“ Sign in with Device
๐Ÿ“˜
SDK Reference
Web
React Native
Flutter
iOS
Android
Sign In with Device
Authenticate from a Non-Trusted Device
Check if Trusted Device is Enrolled
Add a new Trusted Device
Remove Trusted Device
Customization
Sign In with Email/Phone Number
Biometric/Pin
Older SDK Version
Python (for CLI)
API for Other Mobile Apps or CLI
Backend: Handling Response
๐Ÿ›ก๏ธ Protecting Your Account
Only Allow Your Website/App to Use Your API Key
Rate Limit
Enable reCAPTCHA to Protect Against Automated Abuse
๐Ÿ—๏ธ Getting Access Token
Cotter's OAuth 2.0 Tokens Specification
Getting the Tokens
Storing and Removing Tokens
Renewing Expired Tokens
Verifying JWT Tokens
Requesting Custom Fields on your JWT Token
Older API
๐Ÿ”Œ
API Reference
User API
OAuth Tokens API
OAuth Tokens from Social Login
Event Object
Reset PIN API
Older API
Validating Cotter's Identity Token
Validating Cotter's Event Response
Powered By GitBook
Sign In with Device
Our Android SDK offers the easiest way to integrate "Sign in with device" to your android app. You can simply call a function and it does most of the heavy lifting and authentication for you.
Concepts: Learn about how Sign in with Device works.
There are major updates planned for this feature. Contact us in Slack so we can help you prepare for it.

Overview

Authenticating users using Trusted Devices with Cotter's Android SDK consists of the following steps:
    1.
    Import and Initialize Cotter
    2.
    Sign up a new user and trust the current device
    3.
    Sign in existing user from a Trusted and a Non-Trusted Device

What you're building

Trusted Devices on Cotter's Android SDK

Step 1: Import Cotter as a dependency

Add JitPack repository your project level build.gradle at the end of repositories.
build.gradle
1
allprojects {
2
repositories {
3
...
4
maven { url 'https://jitpack.io' }
5
}
6
}
Copied!
Add the Cotter's SDK as a dependency in your app level build.gradle .
1
android {
2
...
3
compileOptions {
4
sourceCompatibility JavaVersion.VERSION_1_8
5
targetCompatibility JavaVersion.VERSION_1_8
6
}
7
}
8
โ€‹
9
dependencies {
10
...
11
implementation 'com.github.cotterapp:android-sdk:0.4.0'
12
}
Copied!
Check the latest version here https://github.com/cotterapp/android-sdk/releases. Then sync your gradle files.

Step 2: Initialize Cotter

You can now use the SDK to sign up a new user and setup the device as trusted, or sign in an existing user using the trusted device
In your MainActivity, initialize Cotter with your API_KEY_ID. You can get it from the Dashboard.
1
Cotter.init(
2
this.getApplicationContext(),
3
"<API_KEY_ID>",
4
);
Copied!
Example:
MainActivity.java
1
public class MainActivity extends AppCompatActivity {
2
โ€‹
3
@Override
4
protected void onCreate(Bundle savedInstanceState) {
5
...
6
โ€‹
7
Cotter.init(
8
this.getApplicationContext(),
9
"<API_KEY_ID>",
10
);
11
}
12
...
Copied!

Step 3: Sign Up a New User and Register This Device as Trusted

    1.
    The user should enter an identifier (an email, phone number, or username).
    2.
    The SDK will register a new user with that identifier, and then enroll the current device as a Trusted Device.
Java
JSON result
1
Cotter.signUpWithDevice(this, userEmail, new Callback() {
2
@Override
3
public void onSuccess(JSONObject result) {
4
Toast.makeText(getApplicationContext(), result.toString(), Toast.LENGTH_SHORT).show();
5
Log.e("Success Register Device", result.toString() );
6
}
7
โ€‹
8
@Override
9
public void onError(String error) {
10
Toast.makeText(getApplicationContext(), error, Toast.LENGTH_SHORT).show();
11
}
12
});
Copied!
1
{
2
"ID": "abcdefgh-abcd-abcd-abcd-571d2e2772c7", // Cotter User ID
3
"client_user_id": "abcdefgh-abcd-abcd-abcd-571d2e2772c7",
4
"created_at": "2020-07-23T23:29:21.85269Z",
5
"default_method": "TRUSTED_DEVICE",
6
"deleted_at": "0001-01-01T00:00:00Z",
7
"enrolled": [
8
"TRUSTED_DEVICE"
9
],
10
"identifier": "[email protected]",
11
"identifiers": null,
12
"issuer": "YOUR_API_KEY_ID", // this is your API Key ID
13
"oauth_token": {
14
"access_token": "eyJhbGciO...",
15
"id_token": "eyJhbGciOiJFU...",
16
"refresh_token": "3:LGOY0pIVof6LgkWo...",
17
"expires_in": 3600,
18
"token_type": "Bearer",
19
"auth_method": "TRUSTED_DEVICE"
20
},
21
"updated_at": "2020-07-23T23:29:22.090131709Z"
22
}
Copied!
This method is only for the first Trusted Device. You will get an error if you attempt to enroll another Trusted Device using enrollDevice when there's already a Trusted Device for the account. To enroll other devices, see Add a new Trusted Device.

Step 4: Authenticate from a Trusted Device

To authenticate a device, call the Cotter.signInWithDevice function. This will automatically detect whether the current device is a Trusted Device or not.
Java
1
Cotter.signInWithDevice(this, userEmail, this, Dashboard.class, new Callback() {
2
@Override
3
public void onSuccess(JSONObject result) {
4
Toast.makeText(getApplicationContext(), result.toString(), Toast.LENGTH_SHORT).show();
5
Log.e("Success logging in", result.toString() );
6
}
7
โ€‹
8
@Override
9
public void onError(String error) {
10
Toast.makeText(getApplicationContext(), error, Toast.LENGTH_SHORT).show();
11
}
12
});
Copied!

Parameters

1
signInWithDevice(Context ctx, String identifier, AppCompatActivity act, Class callbackClass, Callback callback)
Copied!
    identifier: Your user's identifier (email/phone/username) that was used to register this user in Step 3.
    callbackClass : The next activity class that you want to redirect to when the authentication request is finished
    callback : A custom Callback function that implements 2 methods: onSuccess and onError.
When an Authentication Event is requested using method TRUSTED_DEVICE, there are 2 possible cases:

Case 1: The current device is a Trusted Device

If the current device is a Trusted Device, it should automatically be approved, and you will receive a JSON result containing the requested Event and whether or not it's approved. The approval is based on whether or not the signature included in the request from the SDK is valid.
1
{
2
...
3
"method": "TRUSTED_DEVICE",
4
"new": false, // Is this a new pending event (should be false).
5
"approved": true, // Is this event approved (should be true).
6
7
"oauth_token": {
8
"access_token": "eyJhbGciOiJFUz...", // validate this access token
9
"id_token": "eyJhbGciOiJFUz...",
10
"refresh_token": "5:cYIfabtspE1cBeD7KP...",
11
"expires_in": 3600,
12
"token_type": "Bearer",
13
"auth_method": "TRUSTED_DEVICE"
14
}
15
}
16
โ€‹
Copied!
You should see a result that the event is not new, and that it's approved. This is because the signature from the Trusted Device is sufficient to prove that the device is authorized.
When passing this Response to your backend, you need to check if this JSON is valid and if it comes from Cotter's server by validating the access token.
Checkout how to verify the OAuth Tokens from Cotter here:

Case 2: The current device is NOT a Trusted Device

We'll cover this in the next guide:

๐ŸŽ‰ You're done!

Next Steps

SDK Reference - Previous
Android
Next
Authenticate from a Non-Trusted Device
Last modified 10mo ago
Copy link
Contents
Overview
What you're building
Step 1: Import Cotter as a dependency
Step 2: Initialize Cotter
Step 3: Sign Up a New User and Register This Device as Trusted
Step 4: Authenticate from a Trusted Device
๐ŸŽ‰ You're done!
Next Steps