FAQ & Troubleshooting
Last updated
Last updated
Our SDK uses to create for the OAuth 2.0 flow.
According to the spec of crypto.subtle
(from ), this feature is available only in (HTTPS), in some or all .
In most browsers, secure origins are origins that match at least one of the following (scheme, host, port) patterns:
If you're running your application from a secure origin, it's possible that your browser doesn't support the Web Crypto API. For a compatibility table, please check
Chrome and some other browsers doesn't allow cross-origin cookies by default. Try allowing cookies and it should work. We are currently working on an alternative solution, get updates by .
Yes, we are making our error messages better 😉. In the meantime, a possible cause is not enabling cross-origin cookie. Make sure that it's enabled and you don't have an ad-blocker.
Usually this can be caused by one of the problems below:
You're not using a valid API_KEY_ID. If you're using one of the example CodeSandbox, make sure you paste in your own API key.
For now, you can change the From Name, like this:
Generally you should follow this:
width: 300px
height: 300px
If you're adding Social Login, WhatsApp, or Captcha, make the height 500px.
This can happen if you're using a modal and the modal is not loaded or have display: none
when you are calling showEmailForm
or showPhoneForm
(or showForm
for older SDK versions). The solution: only show Cotter's form when the div container and it's parents are loaded with a fixed width and visible display.
There are 2 things you need to do to log out your users:
You are accessing a project from a domain that is not listed in Allowed URLs. Go to your dashboard > Settings > Allowed URLs and check if your current domain is listed. (If you're seeing "*", then all domains should be allowed). .
Yes, you can extend the styling more than what is available on the dashboard. Check out the .
Not as of now. We are looking for a way to allow you to add CNAME configurations to point your domain to us, but it is not yet available. If you need this feature, make a feature request at .
That is expected! We are an identity provider and this means that whenever a user verifies their email with Cotter, they don't need to re-verify their email again when logging-in to a website that uses Cotter. This is the same concept as Sign in with Google, you don't need to re-enter your password when signing in to Medium or Asana if you're already logged-in with Google. .
Log Out from your app. When the user logs in, the JS SDK automatically stores the access_token/refresh_token such that it's always available for the logged-in user. To log out the user from your app, function or remove any stored access_token/refresh_token from your website or app.
Log Out from Cotter. Because Cotter is an Identity Provider like Google, after you log out the user from your app following step 1 above, your user can log back in to your app without being asked to re-verify their email if they were active in the past 30 days. If you want the user to be asked to re-verify their email, the user must log out from Cotter (equivalent to logging out of their Google Account). To do this, direct your user to where they can log out from their account.