Sign In with WebAuthn

Sign in with WebAuthn allows you to authenticate users using TouchID or Windows Hello from their browser. This means, you can use biometric authentication from your website.

Concepts: Learn about how Sign in with WebAuthn works.

Overview

WebAuthn authentication works the following way:

A new user would be prompted to either enter a verification code or magic link sent to their email or phone.
Once the user verified their email/phone, the SDK will automatically prompt the user if they want to register this device for fast logins next time.
The user can press "Enable TouchID" and successfully register their laptop.
When the user login next time, the user will automatically be prompted to use TouchID to login. As a fallback method, the user can choose to send a link or code to their email/phone instead.

Steps

Step 1: Import Cotter

Include Javascript SDK

To use our Javascript SDK, include the script below in your HTML page or use the npm package.

<script
    src="https://unpkg.com/[email protected]/dist/cotter.min.js"
    type="text/javascript"
></script>

Make sure you check for the latest version at https://www.npmjs.com/package/cotter

npm install cotter --save

yarn add cotter

Step 2: Set up a `div` element to contain cotter's form

<!-- 2️⃣ Setup a div to contain the form -->
<div id="cotter-form-container" style="width: 300px; height: 300px;"></div>

{/* 2️⃣ Setup a div to contain the form */}
<div id="cotter-form-container" style={{ width: 300, height: 300 }}></div>

Please note that id has to be cotter-form-container for the form to show up.

Step 3: Initialize Cotter and show the form

Grab your API_KEY_ID from the dashboard, then replace <YOUR_API_KEY_ID> with your API_KEY_ID.

<!-- 3️⃣ Show the form -->
<script>
  var cotter = new Cotter("<YOUR_API_KEY_ID>"); // 👈 Specify your API KEY ID here

  cotter
    .withFormID("form_default") // Use customization for form "form_default"
    .signInWithWebAuthnOrLink() // or signInWithWebAuthnOrOTP()
    .showEmailForm()            // or showPhoneForm()
    .then(payload => console.log(payload))
    .catch(err => console.log(err));
</script>

import Cotter from "cotter";
//...

useEffect(() => {
    // 3️⃣  Show the form
    var cotter = new Cotter("<YOUR_API_KEY_ID>"); // 👈 Specify your API KEY ID here

    cotter
      .withFormID("form_default") // Use customization for form "form_default"
      .signInWithWebAuthnOrLink() // or signInWithWebAuthnOrOTP()
      .showEmailForm() // or showPhoneForm()
      .then((payload) => console.log(payload))
      .catch((err) => console.log(err));
  }, []);

There are several options for the fallback method:

Method:
- Magic Link: use signInWithWebAuthnOrLink()
- OTP: use signInWithWebAuthnOrOTP()
Channel:
- Email: use showEmailForm()
- Phone: use showPhoneForm() (you can send code/link via SMS or WhatsApp by setting it up in Dashboard > Branding)

🎉 You're done!

PreviousGoogle Instructions NextRegister WebAuthn for a logged-in user

Last updated 4 years ago