Cotter

Authenticate from a Non-Trusted Device


Last updated 4 years ago

When a user tries to log in from a device that they don't trust, the user is asked to approve the login from a trusted device.

This involves 2 parts:

  • In the Non-Trusted Device: Log in as usual using cotter.signInWithDevice

  • In the Trusted Device: Approve the request using cotter.checkNewSignInRequest

Step 1: Login from the Non-Trusted Device

Nothing changes here: log in normally using cotter.signInWithDevice.

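Cotter cotter = new Cotter(apiKeyID: API_KEY_ID);

// inputController is your app's text controller holding the user's identifier.
void login(BuildContext context) async {
  try {
    // 🚀 One-line Login
    var event = await cotter.signInWithDevice(identifier: inputController.text, context: context);
    print(event);
  } catch (e) {
    // Errors from the login call are caught and printed here.
    print(e);
  }
}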

The SDK will detect that the request is coming from a non-trusted device, and will present a prompt like this:

[Image: Login Request from a Non-Trusted Device]

The function will wait for the request to be approved, or time out after 3 minutes.

Step 2: Approve the login request from the Trusted Device

In your app on the Trusted Device, call the function cotter.checkNewSignInRequest. The user needs to be logged in to approve a login request.

How does my app know if this device is trusted?

Get the logged-in user, then call cotter.isThisDeviceTrusted() to check.

Cotter cotter = new Cotter(apiKeyID: API_KEY_ID);

void isThisDeviceTrusted() async {
  try {
    var user = await cotter.getUser();
    var trusted = await user.isThisDeviceTrusted();
    print(trusted);
  } catch (e) {
    print(e);
  }
}

Approving the request

In the future, you can set up a push notification to receive the login request in your app. For now, present a button in your Settings page and call user.checkNewSignInRequest.

// context is the BuildContext of the page that shows the approval button.
void approveLogin(BuildContext context) async {
  try {
    // The user must already be logged in on this (trusted) device.
    var user = await cotter.getUser();
    Event event = await user.checkNewSignInRequest(context: context);
    print(event);
  } catch (e) {
    print(e);
  }
}

This will present the user with a prompt asking if the user wants to approve the login request.

[Image: Approving the Login Request from a Trusted Device]

What happens then?

If the user approved the request, you'll get back an event with {approved: true} in the non-trusted device in Step 1. The SDK will automatically store the logged-in user and access tokens in the device's secure storage.
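The two trusted-device snippets above can be combined so that the Settings button only offers approval when this device is actually trusted. This is an added example, not code from the Cotter documentation; the import path, the `ApprovalResult` enum, the `approveIfTrusted` name and the assumption that `isThisDeviceTrusted()` yields a bool are all assumptions.

```dart
import 'package:flutter/widgets.dart';
import 'package:cotter/cotter.dart'; // assumed import path for the Cotter Flutter SDK

/// Hypothetical result type for the Settings-page handler below.
enum ApprovalResult { notTrusted, promptShown, failed }

/// Settings-page button handler for the Trusted Device.
/// Checks that this device is trusted before asking the SDK for a
/// pending login request, so a non-trusted device never reaches the
/// approval prompt through this code path.
Future<ApprovalResult> approveIfTrusted(
    Cotter cotter, BuildContext context) async {
  try {
    // The user must be logged in on this device; getUser() is the
    // same call used in the snippets above.
    var user = await cotter.getUser();

    // Assumption: the awaited value is a bool. Anything other than
    // `true` (false, null) is treated as "not trusted".
    var trusted = await user.isThisDeviceTrusted();
    if (trusted != true) {
      return ApprovalResult.notTrusted;
    }

    // Shows the SDK's approval prompt to the user, as in approveLogin.
    var event = await user.checkNewSignInRequest(context: context);
    debugPrint('approval flow finished: $event');
    return ApprovalResult.promptShown;
  } catch (e) {
    // Not logged in, network failure, or SDK error: fail closed and
    // let the caller show a generic message.
    debugPrint('approval check failed: $e');
    return ApprovalResult.failed;
  }
}
```

The caller can hide or disable the approval button when the result is `ApprovalResult.notTrusted`, and show a retry message on `ApprovalResult.failed`.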