Cotter
0.1.0
BlogDashboardGet help on Slack 👋
Search
⌃K
Links

Authenticate from a Non-Trusted Device

When a user requested to login from a device that they don't trust, the user will be asked to approve the login from a trusted device.
This involves 2 parts:
  • In the Non-Trusted Device: Login as usual using cotter.signInWithDevice
  • In the Trusted Device: Approve the request using cotter.checkNewSignInRequest

Step 1: Login from the Non-Trusted Device

There's no change here, you just need to login normally using cotter.signInWithDevice
Cotter cotter = new Cotter(apiKeyID: API_KEY_ID);
void login(BuildContext context) async {
try {
// 🚀 One-line Login
var event = await cotter.signInWithDevice(identifier: inputController.text, context: context);
print(event);
} catch (e) {
print(e);
}
}
The SDK will detect that the request is coming from a non-trusted device, and will present a prompt like this:
Login Request from a Non-Trusted Device
The function will wait for the request to be approved, or timeout after 3 minutes.

Step 2: Approve the login request from the Trusted Device

Inside your app that is inside the Trusted Device, call the function cotter.checkNewSignInRequest . The user need to be logged-in to approve a login request.

How does my app know if this device is trusted?

Get the logged-in user, then call cotter.isThisDeviceTrusted() to check.
Cotter cotter = new Cotter(apiKeyID: API_KEY_ID);
void isThisDeviceTrusted() async {
try {
var user = await cotter.getUser();
var trusted = await user.isThisDeviceTrusted();
print(trusted);
} catch (e) {
print(e);
}
}

Approving the request

In the future, you can set up a push-notification to receive the login request in your app. For now, present a button in your Settings page and call user.checkNewSignInRequest .
void approveLogin() async {
try {
var user = await cotter.getUser();
Event event = await user.checkNewSignInRequest(context: context);
print(event);
} catch (e) {
print(e);
}
}
This will present the user with a prompt asking if the user want to approve the login request.
Approving the Login Request from a Trusted Device

What happens then?

If the user approved the request, you'll get back an event with {approved: true} in the non-trusted device in Step 1. The SDK will automatically store the logged-in user and access tokens in the device's secure storage.
Previous
Add Email/Phone Verification
Next
Sign in with Email/Phone Number
Last modified 2yr ago