# Authenticate from a Non-Trusted Device

## Steps

There are 2 steps in authenticating a Non-Trusted Device:

1. [Make a request](https://docs.cotter.app/android/older-sdk-version/android-sdk/old-authenticate-from-a-non-trusted-device#step-1-making-an-authentication-request) from the Non-Trusted Device and wait for approval. The SDK will automatically show a prompt asking the user to approve this request from the Trusted Device.
2. [Approve the request](https://docs.cotter.app/android/older-sdk-version/android-sdk/old-authenticate-from-a-non-trusted-device#step-2-how-to-approve-a-pending-request-from-a-trusted-device) from a Trusted Device. The user should tap a button to **check if there's a login request.** They can then **approve or reject** the login request.
3. When the login request is approved, the Non-Trusted Device will receive `oauth_tokens`. You should validate these tokens in your backend.

## Step 1: Make an Authentication Request

![Requesting Login from a Non-Trusted Device](https://107069962-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M0QGDMRD8y_Kd-BpOvT%2F-MDc7v6tsmhcw_NY2ES2%2F-MDc9F-J-GWdDSrrfo-z%2FTDStep1RequestAuth.gif?alt=media\&token=7e96fc6f-5046-4f20-8873-5aeca2154d7f)

As with [Authenticating from a Trusted Device](https://docs.cotter.app/sdk-reference/react-native/react-native-sdk-passwordless-login/..#step-6-authenticate-from-a-trusted-device-or-non-trusted-device), call `cotter.signInWithDevice` to authenticate a device. **This will automatically detect whether the current device is a Trusted Device or not.**

```javascript
// 1️⃣ Request trusted device authentication
var cotter = new Cotter(API_KEY_ID);
cotter.signInWithDevice(
  identifier,  // User's email, phone or username
  this.onRequestSuccess,
  this.onRequestError,
);
```

When an Authentication Event is requested using method `TRUSTED_DEVICE`, there are 2 possible cases:

### Case 1: The current device is a Trusted Device

You will be automatically approved if the request is coming from a Trusted Device. This is covered in [Authenticate from a Trusted Device](https://docs.cotter.app/sdk-reference/react-native/react-native-sdk-passwordless-login/..#case-1-the-current-device-is-a-trusted-device).

### Case 2: The current device is NOT a Trusted Device

If the current device is **not** a Trusted Device, then it will create a **pending event.** This pending event will need to be **approved by a Trusted Device**.

## Step 2: How to approve a pending request from a Trusted Device

![Press a button to approve a login request from the Trusted Device](https://107069962-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M0QGDMRD8y_Kd-BpOvT%2F-MDc7v6tsmhcw_NY2ES2%2F-MDc9P7EfBfYlPg6CrWG%2FTDStep2ApproveAuth.gif?alt=media\&token=7283a478-4293-437d-86dc-bc605127f77d)

To check if there's a pending event for this user, you can call the `getNewEvent` method from a Trusted Device.

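```javascript
// Runs on the Trusted Device: checks whether the logged-in user has a
// pending sign-in request. The SDK then shows the approve/reject prompt.
approveLogin = async () => {
    const cotter = new Cotter(API_KEY_ID);
    try {
      const user = await cotter.getLoggedInUser();
      await user.checkNewSignInRequest();
    } catch (err) {
      console.log(err);
    }
}

// ... in your component's JSX:
<Button 
  onPress={this.approveLogin} 
  title="Approve Login"
/>
```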

{% hint style="info" %}
**In the future,** your app that is installed in a Trusted Device will receive a notification and this method is invoked when the notification is opened.
{% endhint %}

**For now,** you should **tell your user to press a button and invoke this method** when they try to login from a non-trusted device.

The SDK will open a prompt in the Trusted Device asking if the user wants to approve or reject the authentication request.

![Prompt to approve request from a Trusted Device](https://107069962-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M0QGDMRD8y_Kd-BpOvT%2F-M17xF7Nty75yT1syhtX%2F-M17zwpUdHmduY0qosRm%2Fimage.png?alt=media\&token=52e0c102-f651-4964-a18e-8f0b4f7325d9)

In the prompt in the user's Non-Trusted Device (right picture), you can [Customize the Prompt](https://docs.cotter.app/sdk-reference/react-native/older-sdk-versions/sign-in-with-device/customization) to ask them to press a specific button in the Trusted Device to invoke the prompt on the left.

## Step 3: Get the access token and validate it in your back end

![When approved, you'll receive the JSON response](https://107069962-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M0QGDMRD8y_Kd-BpOvT%2F-MDc7v6tsmhcw_NY2ES2%2F-MDc9ZeXYMnwb3rADgRh%2FTDStep3Approved.gif?alt=media\&token=be73f309-75b0-4fd6-9267-218370dc54ab)

When the user approves the login request in the Trusted Device, your `onSuccess` function in the authentication request in [step 1](#step-1-make-an-authentication-request) will be invoked and will receive a JSON response with an access token:

{% tabs %}
{% tab title="JSON Response" %}

```javascript
{
  // OAuth 2.0 Tokens
  "oauth_token": { 
    "access_token": "eyJhbGciOiJFUzI1N...",
    "auth_method": "TRUSTED_DEVICE",
    "expires_in": 3600,
    "id_token": "eyJhbGciOiJFUzI...",
    "refresh_token": "33625:anGsIfvFd...",
    "token_type": "Bearer"
  },
  // Information about the login request
  "ID": 2535926,
  "CreatedAt": "2020-08-01T01:36:24.321921222Z",
  "DeletedAt": "0001-01-01T00:00:00Z",
  "UpdatedAt": "2020-08-01T01:36:24.321921425Z",
  "approved": true, // This login request is approved
  "client_user_id": "abcdefgh-d15c-466f-aaa3-f029a8e534c3",
  "event": "LOGIN",
  "ip": "172.92.5.201",
  "issuer": "<YOUR API KEY ID>",
  "location": "San Francisco",
  "method": "TRUSTED_DEVICE",
  "new": false,
  "signature": "L6x8sLHyPTOMCxudw34YTFGCEO4dGvakJl0g9dIDjUp2gaXbD7Yfxo86Dr7OEtHYmSYegSJkwmZjMzDnPvltDQ==",
  "timestamp": "1596245784",
  "user_id": "00000000-0000-0000-0000-000000000000"
}
```

{% endtab %}
{% endtabs %}

You should pass the `access_token` to your backend when logging in users, approving transactions, etc. Learn how to validate the access token:

{% content-ref url="../../../getting-access-token/verifying-jwt-tokens" %}
[verifying-jwt-tokens](https://docs.cotter.app/getting-access-token/verifying-jwt-tokens)
{% endcontent-ref %}
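
A backend check for the `access_token`, as an added example (not Cotter's code): it pins ES256, the algorithm named in the sample token's header above, verifies the signature, then checks expiry and issuer, so fields such as `approved` in the client-side response are never trusted on their own. The throwaway key pair, the `iss`/`exp` claim names and the helper names are assumptions; in production the public key comes from the provider as described in the linked guide.

```javascript
const crypto = require("crypto");

const b64urlJson = (part) =>
  JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Verify an ES256 JWT. Returns the claims on success, throws on any failure.
function verifyAccessToken(token, publicKey, expectedIssuer, now = Date.now() / 1000) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  // Pin the algorithm: never let the token header choose how it is verified.
  if (b64urlJson(h).alg !== "ES256") throw new Error("unexpected alg");
  const ok = crypto.verify(
    "sha256",
    Buffer.from(`${h}.${p}`),
    { key: publicKey, dsaEncoding: "ieee-p1363" }, // JWS signatures are raw r||s
    Buffer.from(s, "base64url")
  );
  if (!ok) throw new Error("bad signature");
  // Claims are read only after the signature has been verified.
  const claims = b64urlJson(p);
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  if (claims.iss !== expectedIssuer) throw new Error("wrong issuer");
  return claims;
}

// Constructed fixture: a throwaway P-256 key stands in for the provider's key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", {
  namedCurve: "P-256",
});

// Hypothetical helper that mints sample tokens for the checks above.
function signSample(claims, header = { alg: "ES256", typ: "JWT" }) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const input = `${enc(header)}.${enc(claims)}`;
  const sig = crypto.sign("sha256", Buffer.from(input), {
    key: privateKey,
    dsaEncoding: "ieee-p1363",
  });
  return `${input}.${sig.toString("base64url")}`;
}

// Returns the failure reason (or null when valid), convenient for logging.
function rejectReason(token, issuer, now) {
  try {
    verifyAccessToken(token, publicKey, issuer, now);
    return null;
  } catch (e) {
    return e.message;
  }
}
```

Log the rejection reason server-side, but return only a generic authentication failure to the client.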
