Authenticate from a Non-Trusted Device
When a user requested to login from a device that they don't trust, the user will be asked to approve the login from a trusted device.
This involves 2 parts:
  • In the Non-Trusted Device: Login as usual using cotter.signInWithDevice
  • In the Trusted Device: Approve the request using cotter.checkNewSignInRequest

Step 1: Login from the Non-Trusted Device

There's no change here, you just need to login normally using cotter.signInWithDevice
1
Cotter cotter = new Cotter(apiKeyID: API_KEY_ID);
2
void login(BuildContext context) async {
3
try {
4
// πŸš€ One-line Login
5
var event = await cotter.signInWithDevice(identifier: inputController.text, context: context);
6
print(event);
7
} catch (e) {
8
print(e);
9
}
10
}
Copied!
The SDK will detect that the request is coming from a non-trusted device, and will present a prompt like this:
Login Request from a Non-Trusted Device
The function will wait for the request to be approved, or timeout after 3 minutes.

Step 2: Approve the login request from the Trusted Device

Inside your app that is inside the Trusted Device, call the function cotter.checkNewSignInRequest . The user need to be logged-in to approve a login request.

How does my app know if this device is trusted?

Get the logged-in user, then call cotter.isThisDeviceTrusted() to check.
1
Cotter cotter = new Cotter(apiKeyID: API_KEY_ID);
2
3
void isThisDeviceTrusted() async {
4
try {
5
var user = await cotter.getUser();
6
var trusted = await user.isThisDeviceTrusted();
7
print(trusted);
8
} catch (e) {
9
print(e);
10
}
11
}
Copied!

Approving the request

In the future, you can set up a push-notification to receive the login request in your app. For now, present a button in your Settings page and call user.checkNewSignInRequest .
1
void approveLogin() async {
2
try {
3
var user = await cotter.getUser();
4
Event event = await user.checkNewSignInRequest(context: context);
5
print(event);
6
} catch (e) {
7
print(e);
8
}
9
}
Copied!
This will present the user with a prompt asking if the user want to approve the login request.
Approving the Login Request from a Trusted Device

What happens then?

If the user approved the request, you'll get back an event with {approved: true} in the non-trusted device in Step 1. The SDK will automatically store the logged-in user and access tokens in the device's secure storage.
Last modified 1yr ago