Authenticate from a Non-Trusted Device

When a user requested to login from a device that they don't trust, the user will be asked to approve the login from a trusted device.

This involves 2 parts:

  • In the Non-Trusted Device: Login as usual using cotter.signInWithDevice

  • In the Trusted Device: Approve the request using cotter.checkNewSignInRequest

Step 1: Login from the Non-Trusted Device

There's no change here, you just need to login normally using cotter.signInWithDevice

Cotter cotter = new Cotter(apiKeyID: API_KEY_ID);
void login(BuildContext context) async {
try {
// πŸš€ One-line Login
var event = await cotter.signInWithDevice(identifier: inputController.text, context: context);
print(event);
} catch (e) {
print(e);
}
}

The SDK will detect that the request is coming from a non-trusted device, and will present a prompt like this:

Login Request from a Non-Trusted Device

The function will wait for the request to be approved, or timeout after 3 minutes.

Step 2: Approve the login request from the Trusted Device

Inside your app that is inside the Trusted Device, call the function cotter.checkNewSignInRequest . The user need to be logged-in to approve a login request.

How does my app know if this device is trusted?

Get the logged-in user, then call cotter.isThisDeviceTrusted() to check.

Cotter cotter = new Cotter(apiKeyID: API_KEY_ID);
void isThisDeviceTrusted() async {
try {
var user = await cotter.getUser();
var trusted = await user.isThisDeviceTrusted();
print(trusted);
} catch (e) {
print(e);
}
}

Approving the request

In the future, you can set up a push-notification to receive the login request in your app. For now, present a button in your Settings page and call user.checkNewSignInRequest .

void approveLogin() async {
try {
var user = await cotter.getUser();
Event event = await user.checkNewSignInRequest(context: context);
print(event);
} catch (e) {
print(e);
}
}

This will present the user with a prompt asking if the user want to approve the login request.

Approving the Login Request from a Trusted Device

What happens then?

If the user approved the request, you'll get back an event with {approved: true} in the non-trusted device in Step 1. The SDK will automatically store the logged-in user and access tokens in the device's secure storage.