In most browsers, secure origins are origins that match at least one of the following (scheme, host, port) patterns:
(https, *, *)(wss, *, *)(*, localhost, *)(*, 127/8, *)(*, ::1/128, *)(file, *, —)
If you're running your application from a secure origin, it's possible that your browser doesn't support the Web Crypto API. For a compatibility table, please check https://caniuse.com/#feat=mdn-api_subtlecrypto
Chrome and some other browsers doesn't allow cross-origin cookies by default. Try allowing cookies and it should work. We are currently working on an alternative solution, get updates by joining our Slack channel.
Yes, we are making our error messages better 😉. In the meantime, a possible cause is not enabling cross-origin cookie. Make sure that it's enabled and you don't have an ad-blocker.
Usually this can be caused by one of the problems below:
You're not using a valid API_KEY_ID. If you're using one of the example CodeSandbox, make sure you paste in your own API key.
You are accessing a project from a domain that is not listed in Allowed URLs. Go to your dashboard > Settings > Allowed URLs and check if your current domain is listed. (If you're seeing "*", then all domains should be allowed). Read more here.
Yes, you can extend the styling more than what is available on the dashboard. Check out the styling guide here.
Not as of now. We are looking for a way to allow you to add CNAME configurations to point your domain to us, but it is not yet available. If you need this feature, make a feature request at our Slack channel.
For now, you can change the From Name, like this:
Generally you should follow this:
If you're adding Social Login, WhatsApp, or Captcha, make the height 500px.
This can happen if you're using a modal and the modal is not loaded or have
display: none when you are calling
showForm for older SDK versions). The solution: only show Cotter's form when the div container and it's parents are loaded with a fixed width and visible display.
That is expected! We are an identity provider and this means that whenever a user verifies their email with Cotter, they don't need to re-verify their email again when logging-in to a website that uses Cotter. This is the same concept as Sign in with Google, you don't need to re-enter your password when signing in to Medium or Asana if you're already logged-in with Google. Learn more about how our sign-in works.
There are 2 things you need to do to log out your users:
Log Out from your app. When the user logs in, the JS SDK automatically stores the access_token/refresh_token such that it's always available for the logged-in user. To log out the user from your app, call the SDK's Log Out function or remove any stored access_token/refresh_token from your website or app.
Log Out from Cotter. Because Cotter is an Identity Provider like Google, after you log out the user from your app following step 1 above, your user can log back in to your app without being asked to re-verify their email if they were active in the past 30 days. If you want the user to be asked to re-verify their email, the user must log out from Cotter (equivalent to logging out of their Google Account). To do this, direct your user to https://js.cotter.app/logout where they can log out from their account.