FAQ & Troubleshooting

Why do I get "Cannot read property 'digest' of undefined"?

Our SDK uses Web Cryptography API to create SHA-256 digest for the OAuth 2.0 flow.

According to the spec of crypto.subtle (from MDN web docs), this feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

In most browsers, secure origins are origins that match at least one of the following (scheme, host, port) patterns:

(https, *, *)
(wss, *, *)
(*, localhost, *)
(*, 127/8, *)
(*, ::1/128, *)
(file, *, β€”)

If you're running your application from a secure origin, it's possible that your browser doesn't support the Web Crypto API. For a compatibility table, please check https://caniuse.com/#feat=mdn-api_subtlecrypto​

Why does it not show up in incognito?

Chrome and some other browsers doesn't allow cross-origin cookies by default. Try allowing cookies and it should work. We are currently working on an alternative solution, get updates by joining our Slack channel.

WebAuthn showing an error [object Object]

Yes, we are making our error messages better πŸ˜‰. In the meantime, a possible cause is not enabling cross-origin cookie. Make sure that it's enabled and you don't have an ad-blocker.

I'm seeing "misconfiguration by the owner"

Usually this can be caused by one of the problems below:

  • You're not using a valid API_KEY_ID. If you're using one of the example CodeSandbox, make sure you paste in your own API key.

  • You are accessing a project from a domain that is not listed in Allowed URLs. Go to your dashboard > Settings > Allowed URLs and check if your current domain is listed. (If you're seeing "*", then all domains should be allowed). Read more here.

Can I style other components like the input label color?

Yes, you can extend the styling more than what is available on the dashboard. Check out the styling guide here.

Can I send the email from my own domain?

Not as of now. We are looking for a way to allow you to add CNAME configurations to point your domain to us, but it is not yet available. If you need this feature, make a feature request at our Slack channel.

For now, you can change the From Name, like this:

My login form looks cut-off, what is the correct height for the div container?

Generally you should follow this:

  • width: 300px

  • height: 300px

If you're adding Social Login, WhatsApp, or Captcha, make the height 500px.

My login doesn't want to fill up the div container's width

This can happen if you're using a modal and the modal is not loaded or have display: none when you are calling showEmailForm or showPhoneForm (or showForm for older SDK versions). The solution: only show Cotter's form when the div container and it's parents are loaded with a fixed width and visible display.

I don't receive a verification email, it's automatically showing "Success"

That is expected! We are an identity provider and this means that whenever a user verifies their email with Cotter, they don't need to re-verify their email again when logging-in to a website that uses Cotter. This is the same concept as Sign in with Google, you don't need to re-enter your password when signing in to Medium or Asana if you're already logged-in with Google. Learn more about how our sign-in works.

How do my users Log Out of Cotter?

Logging Out of Cotter

There are 2 things you need to do to log out your users:

  1. Log Out from your app. When the user logs in, the JS SDK automatically stores the access_token/refresh_token such that it's always available for the logged-in user. To log out the user from your app, call the SDK's Log Out function or remove any stored access_token/refresh_token from your website or app.

  2. Log Out from Cotter. Because Cotter is an Identity Provider like Google, after you log out the user from your app following step 1 above, your user can log back in to your app without being asked to re-verify their email if they were active in the past 30 days. If you want the user to be asked to re-verify their email, the user must log out from Cotter (equivalent to logging out of their Google Account). To do this, direct your user to https://js.cotter.app/logout where they can log out from their account.