# FAQ & Troubleshooting

### **Why do I get "Cannot read property 'digest' of undefined"?**

Our SDK uses [Web Cryptography API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API) to create [SHA-256 digest](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest) for the OAuth 2.0 flow.

According to the spec of `crypto.subtle` (from [MDN web docs](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/subtle#Browser_compatibility)), this feature is available only in [secure contexts](https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts) (HTTPS), in some or all [supporting browsers](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/subtle#Browser_compatibility).

In most browsers, secure origins are origins that match at least one of the following (scheme, host, port) patterns:

```
(https, *, *)
(wss, *, *)
(*, localhost, *)
(*, 127/8, *)
(*, ::1/128, *)
(file, *, —)
```

If you're running your application from a secure origin, it's possible that your browser doesn't support the Web Crypto API. For a compatibility table, please check <https://caniuse.com/#feat=mdn-api_subtlecrypto>

### **Why does it not show up in incognito?**

Chrome and some other browsers doesn't allow cross-origin cookies by default. Try allowing cookies and it should work. We are currently working on an alternative solution, get updates by [joining our Slack channel](https://join.slack.com/t/askcotter/shared_invite/zt-dxzf311g-5Mp3~odZNB2DwYaxIJ1dJA).

### **WebAuthn showing an error \[object Object]**

Yes, we are making our error messages better 😉. In the meantime, a possible cause is not enabling cross-origin cookie. Make sure that it's enabled and you don't have an ad-blocker.

### I'm seeing "misconfiguration by the owner"

![](https://107069962-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M0QGDMRD8y_Kd-BpOvT%2F-MEjTbQBgRJYmXNzRmcd%2F-MEjUQCUMLZu76GWl-Uy%2Fimage.png?alt=media\&token=16e1f40e-11b9-4cd6-8a7f-e5fe1cb9ef61)

Usually this can be caused by one of the problems below:

* **You're not using a valid API\_KEY\_ID.** If you're using one of the example CodeSandbox, make sure you paste in your own API key.
* **You are accessing a project from a domain that is not listed in Allowed URLs.** Go to your dashboard > Settings > Allowed URLs and check if your current domain is listed. (If you're seeing "\*", then all domains should be allowed). [Read more here](https://docs.cotter.app/protecting-your-account/only-allow-your-website-app-to-use-your-api-key).

### Can I style other components like the input label color?

Yes, you can extend the styling more than what is available on the dashboar&#x64;**.** Check out the [styling guide here](https://docs.cotter.app/sdk-reference/web/web-sdk-verify-email-phone/styling).

### Can I send the email from my own domain?

Not as of now. We are looking for a way to allow you to add CNAME configurations to point your domain to us, but it is not yet available. If you need this feature, make a feature request at [our Slack channel](https://join.slack.com/t/askcotter/shared_invite/zt-dxzf311g-5Mp3~odZNB2DwYaxIJ1dJA).

For now, you can change the **From Name,** like this:

![](https://107069962-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M0QGDMRD8y_Kd-BpOvT%2F-MEjVJ8inRy8wwJjW0AR%2F-MEjW3ONLKp_jbAPHrfc%2Fimage.png?alt=media\&token=e4142e68-7908-466e-aeee-d97951198e7c)

### My login form looks cut-off, what is the correct height for the div container?

Generally you should follow this:

* width: 300px
* height: 300px

If you're adding Social Login, WhatsApp, or Captcha, make the **height 500px.**

### **My login doesn't want to fill up the div container's width**

This can happen if you're using a modal and the modal is not loaded or have `display: none` when you are calling `showEmailForm` or `showPhoneForm` (or `showForm` for older SDK versions). The solution: only show Cotter's form **when the div container and it's parents are loaded with a fixed width and visible display.**

### **I don't receive a verification email, it's automatically showing "Success"**

That is expected! We are an identity provider and this means that whenever a user verifies their email with Cotter, **they don't need to re-verify their email again** when logging-in to a website that uses Cotter. This is the same concept as Sign in with Google, you don't need to re-enter your password when signing in to Medium or Asana if you're already logged-in with Google. [Learn more about how our sign-in works](https://docs.cotter.app/features/verify-email-phone).

### How do my users Log Out of Cotter?

![Logging Out of Cotter](https://107069962-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M0QGDMRD8y_Kd-BpOvT%2F-MMHSx4ZPxv71Okdi9dD%2F-MMHT2xmYbB7bZxYXglK%2Fimage.png?alt=media\&token=6661b23c-8e51-4655-ab68-75e404aa9709)

There are 2 things you need to do to log out your users:

1. **Log Out from your app**. When the user logs in, the JS SDK automatically stores the access\_token/refresh\_token such that it's always available for the logged-in user. To log out the user from your app, [call the SDK's Log Out](https://docs.cotter.app/sdk-reference/getting-access-token-and-logged-in-user-info#log-out) function or remove any stored access\_token/refresh\_token from your website or app.
2. **Log Out from Cotter.** Because Cotter is an Identity Provider like Google, after you log out the user from your app following step 1 above, **your user can log back in to your app without being asked to re-verify their email if they were active in the past 30 days.** If you want the user to be asked to re-verify their email, the user must log out from Cotter (equivalent to logging out of their Google Account). To do this, direct your user to <https://js.cotter.app/logout> where they can log out from their account.