Cotter's iOS SDK offers the easiest way to integrate "Sign in with device" into your iOS app. You can simply call a function and it does most of the heavy lifting and authentication for you.
You can now use the SDK to enroll and verify Trusted Devices for the user you just created.
In your main view controller, initialize Cotter with API keys, Cotter's URL to use (prod/test), and your User ID.
Production Endpoint: https://www.cotter.app/api/v0
Example:
Step 5. Register this device as a Registered Trusted Device
Right after your user finishes registering for your app, you should automatically register the device as a Trusted Device (or ask your user whether they want to make this device a Trusted Device).
To enroll the current device as a TrustedDevice, call the CotterAPIService.shared.enrollTrustedDevice function, which takes in a userID as String and a Callback function as parameters.
Example:
JSON Result:
This method is only for the first Trusted Device. You will get an error if you attempt to enroll another Trusted Device using enrollDevice when there's already a Trusted Device for the account. To enroll other devices, see Add a new Trusted Device.
Step 6. Authenticate from a Trusted Device
To authenticate a device, call the cotter?.loginWithTrustedDevice function, which takes in the current view controller and a Callback function as parameters. This will automatically detect whether the current device is a Trusted Device or not.
Example:
JSON Result:
An Event is an Authentication Event, where your app requests Cotter's SDK to authenticate the user. EVENT_NAME refers to what type of authentication event was requested. Example: LOGIN event, TRANSACTION event, UPDATE_PROFILE event, etc.
When an Authentication Event is requested using method TRUSTED_DEVICE, there are 2 possible cases:
Case 1: The current device is a Trusted Device
If the current device is a Trusted Device, it should automatically be approved, and you will receive a JSON result containing the requested Event and whether or not it's approved. The approval is based on whether or not the signature included in the request from the SDK is valid.
You should see a result that the event is not new, and that it's approved. This is because the signature from the Trusted Device is sufficient to prove that the device is authorized.
The callback that you provided to the cotter?.loginWithTrustedDevice function will be called on login success or failure. For instance, as seen in the above example, if the login is approved, the callback function will be called with no error, and you can redirect the user to the Dashboard View Controller. However, if the login is not approved, then an error will exist and you can redirect the user to the Error Page View Controller.
When passing this Event Response to your backend, you need to check if this JSON is valid and if it comes from Cotter's server.
Check out how to verify the OAuth Tokens from Cotter here:
Passwordless.shared.registerWith(identifier: input) { (user: CotterUser?, err: Error?) in
    if err != nil {
        // handle error here
    }
    if user != nil {
        // you can save cotter's user id in your database here
    }
}
let cotter = Cotter(
    apiSecretKey: <your-api-secret-key>,
    apiKeyID: <your-api-key-id>,
    cotterURL: "https://www.cotter.app/api/v0",
    userID: <your-user-id>, // user's id that will be registered/created later
    configuration: [:]
)
func enrollTrustedDeviceForUser(userID: String) {
    CotterAPIService.shared.enrollTrustedDevice(userID: userID, cb: { response in
        switch response {
        case .success(let user):
            print("Successfully enrolled existing user \(user.id): \(user.enrolled)")
        case .failure(let err):
            // you can put exhaustive error handling here
            print(err.localizedDescription)
        }
    })
}
enrollTrustedDeviceForUser(userID: "[email protected]")
{
  "ID": "746500ae-a5cd-4692-8fd0-49d57cf7cc57", // User ID from Cotter's system
  "created_at": "2020-02-25T04:08:26.174597Z",
  "update_at": "2020-02-27T22:20:31.333154814Z",
  "deleted_at": null,
  "issuer": "afcabd98-745f-4b9e-98de-af968d9951d3", // your API KEY ID
  "client_user_id": "1014", // your client's user ID
  "enrolled": [ // Enrolled Authentication Methods
    "PIN",
    "BIOMETRIC",
    "TRUSTED_DEVICE" // This should be added to enrolled methods once enrollDevice is successful
  ],
  "default_method": "TRUSTED_DEVICE" // This will automatically be the last enrolled method, which is Trusted Device in this case
}
{
  "ID": 1361, // Event ID
  "CreatedAt": "2020-02-27T22:22:48.705212512Z",
  "UpdatedAt": "2020-02-27T22:22:48.705212512Z",
  "DeletedAt": null,
  "client_user_id": "1014", // your client's User ID
  "issuer": "afcabd98-745f-4b9e-98de-af968d9951d3", // your API Key
  "event": "<EVENT NAME>", // requested event (LOGIN, or TRANSACTION, etc)
  "ip": "192.168.232.2",
  "location": "Unknown",
  "timestamp": "1582842167",
  "method": "TRUSTED_DEVICE", // auth method: TRUSTED_DEVICE (other choices are PIN / BIOMETRIC)
  "new": false, // Is this a new pending event. More explanation below about Non-Trusted Device
  "approved": true, // Is this event approved.
  "signature": "oonMGCAxp3..." // Signature to make sure this event comes from Cotter's server
}
{
  ...
  "method": "TRUSTED_DEVICE",
  "new": false, // Is this a new pending event (should be false).
  "approved": true // Is this event approved (should be true).
}
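A backend-side check of the Event Response shown above, as an added example that is not Cotter's code: it binds the event to your API key ID, the session's user and the requested event, requires `approved` and `new` to be real booleans, and rejects stale timestamps. The function name, the five-minute window and the injected `verify_signature` callable are assumptions; the signature scheme itself is not described on this page.

```python
import time

MAX_AGE_SECONDS = 300  # assumed freshness window, not a Cotter value

# Constructed sample shaped like the Case 1 result above; signature is a placeholder.
SAMPLE_EVENT = {
    "client_user_id": "1014", "issuer": "afcabd98-745f-4b9e-98de-af968d9951d3",
    "event": "LOGIN", "timestamp": "1582842167", "method": "TRUSTED_DEVICE",
    "new": False, "approved": True, "signature": "<signature-from-cotter>",
}


def check_event_response(event, *, api_key_id, session_user_id, expected_event,
                         verify_signature, now=None):
    """Return the reasons to reject an Event Response; an empty list means accept.

    verify_signature is a hypothetical callable(event) -> bool wrapping the
    signature check from Cotter's verification docs, which this page does not
    describe, so it is injected rather than implemented here.
    """
    now = time.time() if now is None else now
    problems = []
    # Bind the event to this tenant, this logged-in user and the action we asked for.
    if event.get("issuer") != api_key_id:
        problems.append("issuer is not our API key ID")
    if event.get("client_user_id") != session_user_id:
        problems.append("event belongs to a different user")
    if event.get("event") != expected_event:
        problems.append("event name does not match the requested action")
    if event.get("method") != "TRUSTED_DEVICE":
        problems.append("unexpected authentication method")
    # Require real booleans: the string "true" or 1 must not count as approval.
    if event.get("approved") is not True:
        problems.append("event is not approved")
    if event.get("new") is not False:
        problems.append("event is still pending")
    try:
        age = now - int(event.get("timestamp", ""))
    except (TypeError, ValueError, OverflowError):
        problems.append("timestamp is missing or malformed")
    else:
        if not -60 <= age <= MAX_AGE_SECONDS:
            problems.append("timestamp outside freshness window")
    if not event.get("signature") or not verify_signature(event):
        problems.append("signature missing or invalid")
    return problems
```

Run this on the server after parsing the JSON the app forwards, and treat any non-empty result as a failed login regardless of what the client reported.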