Cotter
  • 🚀Getting Started
  • Features & Concepts
    • 💬Sign In with Email/Phone Number
    • 🔐Sign In with Device
      • How it works
    • 🧬Sign In with WebAuthn
  • 📌Quickstart Guides
    • All Guides & Tutorials
    • HTML – Sign in with Email/Phone
    • React – Sign in with Email/Phone
    • React – WebAuthn
    • ▲ Next.js
    • Angular
    • Webflow
    • Bubble.io
    • Python SDK for a CLI
    • React Native – Sign in with Device
    • iOS – Sign in with Device
    • Flutter – Sign in with Device
  • 📘SDK Reference
    • Web
      • Sign In with Email/Phone Number
        • Customize the Form
        • Checking the email or phone before sending a verification code
        • Sending Code or Link via WhatsApp
        • Styling
        • Older SDK
          • Customize the Form
      • Sign in with Social Login
        • Getting Access Tokens from Social Login Providers
        • Github Instructions
        • Google Instructions
      • Sign In with WebAuthn
        • Register WebAuthn for a logged-in user
      • Sign In with Device
        • Steps for Pop Up Authentication Prompt
        • Advanced Customization for Login Form
        • Advanced Customization for Pop Up Authentication Prompt
      • Getting Access Token and Logged-In User Info
      • Sending Successful Form Submission
      • FAQ & Troubleshooting
    • React Native
      • Installation
      • Sign In with Device
        • Add Email/Phone Verification
        • Authenticate from a Non-Trusted Device
        • Add a new Trusted Device
        • Remove Trusted Device
      • Sign In with Email/Phone Number
      • Getting Stored OAuth Tokens and User Information
      • FAQ
      • Older SDK Versions
        • Sign in with Email/Phone
        • Sending Code via WhatsApp
        • Sign In with Device
          • Authenticate from a Non-Trusted Device
          • Add a new Trusted Device
          • Customization
    • Flutter
      • Sign In with Device
        • Add Email/Phone Verification
        • Authenticate from a Non-Trusted Device
      • Sign in with Email/Phone Number
      • Getting the Logged-in User
      • Getting OAuth Tokens
      • Signing a User Out
    • iOS
      • Sign In with Email/Phone Number
      • Sign In with Device
        • Authenticate from a Non-Trusted Device
        • Push Notification
        • Check if Trusted Device is Enrolled
        • Add a New Trusted Device
        • Remove Trusted Device
      • Older Versions
        • Biometric/Pin
    • Android
      • Sign In with Device
        • Authenticate from a Non-Trusted Device
        • Check if Trusted Device is Enrolled
        • Add a new Trusted Device
        • Remove Trusted Device
        • Customization
      • Sign In with Email/Phone Number
      • Biometric/Pin
        • Advanced Methods
        • Customization
        • Setting Strings
        • Styling
      • Older SDK Version
        • Sign In with Device
          • Authenticate from a Non-Trusted Device
    • Python (for CLI)
    • API for Other Mobile Apps or CLI
      • Verify Email/Phone Number
        • Handling URL Scheme
    • Backend: Handling Response
  • 🛡️ Protecting Your Account
    • Only Allow Your Website/App to Use Your API Key
    • Rate Limit
    • Enable reCAPTCHA to Protect Against Automated Abuse
  • 🗝️ Getting Access Token
    • Cotter's OAuth 2.0 Tokens Specification
    • Getting the Tokens
      • Get Tokens during Authentication
      • Using the Refresh Token
    • Storing and Removing Tokens
    • Renewing Expired Tokens
    • Verifying JWT Tokens
    • Requesting Custom Fields on your JWT Token
    • Older API
      • Using HTTP Requests
      • Getting the Tokens
        • During Authentication
          • During Email/Phone Verification
        • During enrolling Trusted Devices
  • 🔌API Reference
    • User API
      • User Object
    • OAuth Tokens API
      • Verify JWT Token using API (serverless)
      • Requesting Custom Claims on your Access Token
      • Older API
    • OAuth Tokens from Social Login
    • Event Object
    • Reset PIN API
  • Older API
    • Validating Cotter's Identity Token
    • Validating Cotter's Event Response
Powered by GitBook
On this page
  • Why do I get "Cannot read property 'digest' of undefined"?
  • Why does it not show up in incognito?
  • WebAuthn showing an error [object Object]
  • I'm seeing "misconfiguration by the owner"
  • Can I style other components like the input label color?
  • Can I send the email from my own domain?
  • My login form looks cut-off, what is the correct height for the div container?
  • My login doesn't want to fill up the div container's width
  • I don't receive a verification email, it's automatically showing "Success"
  • How do my users Log Out of Cotter?
  1. SDK Reference
  2. Web

FAQ & Troubleshooting

PreviousSending Successful Form SubmissionNextReact Native

Last updated 4 years ago

Why do I get "Cannot read property 'digest' of undefined"?

Our SDK uses to create for the OAuth 2.0 flow.

According to the spec of crypto.subtle (from ), this feature is available only in (HTTPS), in some or all .

In most browsers, secure origins are origins that match at least one of the following (scheme, host, port) patterns:

(https, *, *)
(wss, *, *)
(*, localhost, *)
(*, 127/8, *)
(*, ::1/128, *)
(file, *, —)

If you're running your application from a secure origin, it's possible that your browser doesn't support the Web Crypto API. For a compatibility table, please check

Why does it not show up in incognito?

Chrome and some other browsers doesn't allow cross-origin cookies by default. Try allowing cookies and it should work. We are currently working on an alternative solution, get updates by .

WebAuthn showing an error [object Object]

Yes, we are making our error messages better 😉. In the meantime, a possible cause is not enabling cross-origin cookie. Make sure that it's enabled and you don't have an ad-blocker.

I'm seeing "misconfiguration by the owner"

Usually this can be caused by one of the problems below:

  • You're not using a valid API_KEY_ID. If you're using one of the example CodeSandbox, make sure you paste in your own API key.

Can I style other components like the input label color?

Can I send the email from my own domain?

For now, you can change the From Name, like this:

My login form looks cut-off, what is the correct height for the div container?

Generally you should follow this:

  • width: 300px

  • height: 300px

If you're adding Social Login, WhatsApp, or Captcha, make the height 500px.

My login doesn't want to fill up the div container's width

This can happen if you're using a modal and the modal is not loaded or have display: none when you are calling showEmailForm or showPhoneForm (or showForm for older SDK versions). The solution: only show Cotter's form when the div container and it's parents are loaded with a fixed width and visible display.

I don't receive a verification email, it's automatically showing "Success"

How do my users Log Out of Cotter?

There are 2 things you need to do to log out your users:

You are accessing a project from a domain that is not listed in Allowed URLs. Go to your dashboard > Settings > Allowed URLs and check if your current domain is listed. (If you're seeing "*", then all domains should be allowed). .

Yes, you can extend the styling more than what is available on the dashboard. Check out the .

Not as of now. We are looking for a way to allow you to add CNAME configurations to point your domain to us, but it is not yet available. If you need this feature, make a feature request at .

That is expected! We are an identity provider and this means that whenever a user verifies their email with Cotter, they don't need to re-verify their email again when logging-in to a website that uses Cotter. This is the same concept as Sign in with Google, you don't need to re-enter your password when signing in to Medium or Asana if you're already logged-in with Google. .

Log Out from your app. When the user logs in, the JS SDK automatically stores the access_token/refresh_token such that it's always available for the logged-in user. To log out the user from your app, function or remove any stored access_token/refresh_token from your website or app.

Log Out from Cotter. Because Cotter is an Identity Provider like Google, after you log out the user from your app following step 1 above, your user can log back in to your app without being asked to re-verify their email if they were active in the past 30 days. If you want the user to be asked to re-verify their email, the user must log out from Cotter (equivalent to logging out of their Google Account). To do this, direct your user to where they can log out from their account.

📘
Web Cryptography API
SHA-256 digest
MDN web docs
secure contexts
supporting browsers
https://caniuse.com/#feat=mdn-api_subtlecrypto
joining our Slack channel
Read more here
styling guide here
our Slack channel
Learn more about how our sign-in works
https://js.cotter.app/logout
Logging Out of Cotter
call the SDK's Log Out