Authenticate from a Non-Trusted Device

When a user requests to log in from a device that they don't trust, they will be asked to approve the login from a trusted device.

This involves 2 parts:

  • In the Non-Trusted Device: Log in as usual using cotter.signInWithDevice

  • In the Trusted Device: Approve the request using cotter.checkNewSignInRequest

Step 1: Log in from the Non-Trusted Device

There's no change here. You just need to log in normally using cotter.signInWithDevice.

Cotter cotter = new Cotter(apiKeyID: API_KEY_ID);
void login(BuildContext context) async {
  try {
    // 🚀 One-line Login
    var event = await cotter.signInWithDevice(identifier: inputController.text, context: context);
    print(event);
  } catch (e) {
    print(e);
  }
}

The SDK will detect that the request is coming from a non-trusted device, and will present a prompt to the user.

The function will wait for the request to be approved, or time out after 3 minutes.

Step 2: Approve the login request from the Trusted Device

In your app on the Trusted Device, call the function cotter.checkNewSignInRequest. The user needs to be logged in to approve a login request.

How does my app know if this device is trusted?

Get the logged-in user, then call cotter.isThisDeviceTrusted() to check.

Cotter cotter = new Cotter(apiKeyID: API_KEY_ID);

void isThisDeviceTrusted() async {
  try {
    var user = await cotter.getUser();
    var trusted = await user.isThisDeviceTrusted();
    print(trusted);
  } catch (e) {
    print(e);
  }
}

Approving the request

In the future, you can set up a push notification to receive the login request in your app. For now, present a button in your Settings page and call user.checkNewSignInRequest.

void approveLogin() async {
  try {
    var user = await cotter.getUser();
    Event event = await user.checkNewSignInRequest(context: context);
    print(event);
  } catch (e) {
    print(e);
  }
}

This will present the user with a prompt asking if the user wants to approve the login request.
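
One way to combine the trusted-device check with the approval button on a Settings page, so the button only appears once the check has succeeded. This is an added example, not Cotter's own code: the widget name ApproveLoginTile, the import path package:cotter/cotter.dart, the API key placeholder, and the assumption that isThisDeviceTrusted() resolves to a bool are not from the original page.

```dart
import 'package:flutter/material.dart';
import 'package:cotter/cotter.dart'; // assumed import path for the Cotter SDK

// Placeholder: use your own API key ID, as in the snippets above.
const API_KEY_ID = '<YOUR_API_KEY_ID>';

// Hypothetical Settings-page entry for approving login requests.
class ApproveLoginTile extends StatefulWidget {
  @override
  _ApproveLoginTileState createState() => _ApproveLoginTileState();
}

class _ApproveLoginTileState extends State<ApproveLoginTile> {
  final Cotter cotter = new Cotter(apiKeyID: API_KEY_ID);
  bool _trusted = false; // fail closed: hide the button until the check succeeds

  @override
  void initState() {
    super.initState();
    _checkTrust();
  }

  Future<void> _checkTrust() async {
    try {
      var user = await cotter.getUser();
      // Assumption: isThisDeviceTrusted() resolves to a bool.
      var trusted = await user.isThisDeviceTrusted();
      if (mounted) setState(() => _trusted = trusted == true);
    } catch (e) {
      print(e); // no logged-in user or the check failed: button stays hidden
    }
  }

  Future<void> _approve() async {
    try {
      var user = await cotter.getUser();
      // Opens the SDK prompt asking the user to approve the pending request.
      var event = await user.checkNewSignInRequest(context: context);
      print(event);
    } catch (e) {
      print(e);
    }
  }

  @override
  Widget build(BuildContext context) {
    if (!_trusted) return SizedBox.shrink();
    return ListTile(title: Text('Check for new sign-in requests'), onTap: _approve);
  }
}
```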

What happens then?

If the user approves the request, you'll get back an event with {approved: true} on the non-trusted device from Step 1. The SDK will automatically store the logged-in user and access tokens in the device's secure storage.
