Cotter
  • 🚀Getting Started
  • Features & Concepts
    • 💬Sign In with Email/Phone Number
    • 🔐Sign In with Device
      • How it works
    • 🧬Sign In with WebAuthn
  • 📌Quickstart Guides
    • All Guides & Tutorials
    • HTML – Sign in with Email/Phone
    • React – Sign in with Email/Phone
    • React – WebAuthn
    • ▲ Next.js
    • Angular
    • Webflow
    • Bubble.io
    • Python SDK for a CLI
    • React Native – Sign in with Device
    • iOS – Sign in with Device
    • Flutter – Sign in with Device
  • 📘SDK Reference
    • Web
      • Sign In with Email/Phone Number
        • Customize the Form
        • Checking the email or phone before sending a verification code
        • Sending Code or Link via WhatsApp
        • Styling
        • Older SDK
          • Customize the Form
      • Sign in with Social Login
        • Getting Access Tokens from Social Login Providers
        • Github Instructions
        • Google Instructions
      • Sign In with WebAuthn
        • Register WebAuthn for a logged-in user
      • Sign In with Device
        • Steps for Pop Up Authentication Prompt
        • Advanced Customization for Login Form
        • Advanced Customization for Pop Up Authentication Prompt
      • Getting Access Token and Logged-In User Info
      • Sending Successful Form Submission
      • FAQ & Troubleshooting
    • React Native
      • Installation
      • Sign In with Device
        • Add Email/Phone Verification
        • Authenticate from a Non-Trusted Device
        • Add a new Trusted Device
        • Remove Trusted Device
      • Sign In with Email/Phone Number
      • Getting Stored OAuth Tokens and User Information
      • FAQ
      • Older SDK Versions
        • Sign in with Email/Phone
        • Sending Code via WhatsApp
        • Sign In with Device
          • Authenticate from a Non-Trusted Device
          • Add a new Trusted Device
          • Customization
    • Flutter
      • Sign In with Device
        • Add Email/Phone Verification
        • Authenticate from a Non-Trusted Device
      • Sign in with Email/Phone Number
      • Getting the Logged-in User
      • Getting OAuth Tokens
      • Signing a User Out
    • iOS
      • Sign In with Email/Phone Number
      • Sign In with Device
        • Authenticate from a Non-Trusted Device
        • Push Notification
        • Check if Trusted Device is Enrolled
        • Add a New Trusted Device
        • Remove Trusted Device
      • Older Versions
        • Biometric/Pin
    • Android
      • Sign In with Device
        • Authenticate from a Non-Trusted Device
        • Check if Trusted Device is Enrolled
        • Add a new Trusted Device
        • Remove Trusted Device
        • Customization
      • Sign In with Email/Phone Number
      • Biometric/Pin
        • Advanced Methods
        • Customization
        • Setting Strings
        • Styling
      • Older SDK Version
        • Sign In with Device
          • Authenticate from a Non-Trusted Device
    • Python (for CLI)
    • API for Other Mobile Apps or CLI
      • Verify Email/Phone Number
        • Handling URL Scheme
    • Backend: Handling Response
  • 🛡️ Protecting Your Account
    • Only Allow Your Website/App to Use Your API Key
    • Rate Limit
    • Enable reCAPTCHA to Protect Against Automated Abuse
  • 🗝️ Getting Access Token
    • Cotter's OAuth 2.0 Tokens Specification
    • Getting the Tokens
      • Get Tokens during Authentication
      • Using the Refresh Token
    • Storing and Removing Tokens
    • Renewing Expired Tokens
    • Verifying JWT Tokens
    • Requesting Custom Fields on your JWT Token
    • Older API
      • Using HTTP Requests
      • Getting the Tokens
        • During Authentication
          • During Email/Phone Verification
        • During enrolling Trusted Devices
  • 🔌API Reference
    • User API
      • User Object
    • OAuth Tokens API
      • Verify JWT Token using API (serverless)
      • Requesting Custom Claims on your Access Token
      • Older API
    • OAuth Tokens from Social Login
    • Event Object
    • Reset PIN API
  • Older API
    • Validating Cotter's Identity Token
    • Validating Cotter's Event Response
Powered by GitBook
On this page
  • What you're building
  • Try it out
  • Overview
  • Steps
  • Step 1: Setup Cotter
  • Step 2: Show Cotter Form
  • What we have so far
  • Step 3: Sending the Payload to your Backend Server
  • Handling the response in your backend
  • 🎉 You're done!
  • Securing your Project
  • What's Next
  1. SDK Reference
  2. Web

Sign In with Email/Phone Number

Our JavaScript SDK offers the easiest way to integrate Cotter 's email/phone verification. You can simply embed Cotter's Login Form and it will do the heavy lifting for you.

PreviousWebNextCustomize the Form

Last updated 3 years ago

Concepts: Learn about how works.

What you're building

Try it out

Overview

Verifying email and phone number in your website using our JavaScript SDK consists of the following steps:

  1. Embed Cotter in your website

  2. Receive a Callback with user's data and a token from Cotter

  3. Send the token to your backend server

Steps

Step 1: Setup Cotter

Include Javascript SDK

To use our Javascript SDK, include the script below in your HTML page or use the npm package.

<script
    src="https://unpkg.com/cotter@0.3.32/dist/cotter.min.js"
    type="text/javascript"
></script>
npm install cotter --save
yarn add cotter

Initialize Cotter

Initialize Cotter in your Login page. If using HTML, put this script at the bottom of your <body> . If you're using React, put this in useEffect or componentDidMount . We want this script to run right after the page is loaded.

<script>
  var cotter = new Cotter("<YOUR_API_KEY_ID>"); // 👈 Specify your API KEY ID here

   cotter
    .withFormID("form_default") // Use customization for form "form_default"
    .signInWithLink()  // to send a verification code, use .signInWithOTP()
    .showEmailForm()  // to send via phone number use .showPhoneForm()
    .then(payload => {
      // payload is Cotter's token containing user information
      console.log("Cotter User Information", payload);
      // ==================================
      // TODO: Login to backend
      // ==================================
  })
  .catch(err => console.log(err));
</script>
import Cotter from "cotter"; //  1️⃣  Import Cotter

//...

useEffect(() => {
  var cotter = new Cotter(API_KEY_ID); // 👈 Specify your API KEY ID here
  
  cotter
    .withFormID("form_default") // Use customization for form "form_default"
    .signInWithLink()  // to send a verification code, use .signInWithOTP()
    .showEmailForm()  // to send via phone number use .showPhoneForm()
    .then(payload => {
      // payload is Cotter's token containing user information
      console.log("Cotter User Information", payload);
      // ==================================
      // TODO: Login to backend
      // ==================================
  })
  .catch(err => console.log(err));
}, []);

Adding more fields

Send Code via WhatsApp

Step 2: Show Cotter Form

Add the <div> container with id "cotter-form-container"

<div
  id="cotter-form-container"
  style="width: 300px; height: 300px;"
></div>
{/*  3️⃣  Put a <div> that will contain the form */}
<div id="cotter-form-container" style={{ width: 300, height: 300 }} />

What we have so far

<script
    src="https://unpkg.com/cotter@0.3.32/dist/cotter.min.js"
    type="text/javascript"
></script>

<div
  id="cotter-form-container"
  style="width: 300px; height: 300px;"
></div>

<script>
  var cotter = new Cotter("<YOUR_API_KEY_ID>"); // 👈 Specify your API KEY ID here

  cotter
    .withFormID("form_default") // Use customization for form "form_default"
    .signInWithLink()
    .showEmailForm()  // to send via phone number use .showPhoneForm()
    .then(payload => {
      console.log("Cotter User Information", payload);
      // TODO: Login to server
    })
    .catch(err => console.log(err));
</script>
import React, { useEffect } from "react";
import Cotter from "cotter"; //  1️⃣  Import Cotter

function App() {

  //  2️⃣ Initialize and show the form
  useEffect(() => {
    var cotter = new Cotter(API_KEY_ID); // 👈 Specify your API KEY ID here
    
    cotter
      .withFormID("form_default") // Use customization for form "form_default"
      .signInWithLink() 
      .showEmailForm()
      .then(payload => {
        console.log("Cotter User Information", payload);
        // TODO: Login to server
    })
    .catch(err => console.log(err));
  }, []);

  return (
    <div>
      {/*  3️⃣  Put a <div> that will contain the form */}
      <div id="cotter-form-container" style={{ width: 300, height: 300 }} />
    </div>
  );
}

export default App;

Step 3: Sending the Payload to your Backend Server

You can get the authentication response in the then callback function and send it to your server. For example:

var cotter = new Cotter("<YOUR_API_KEY_ID>");

cotter
  .withFormID("form_default") // Use customization for form "form_default"
  .signInWithLink()
  .showEmailForm() 
  .then(payload => {
    console.log("Cotter User Information", payload);
    
    // TODO: Login to Server
    axios
      .post("http://localhost:3005/login", payload)
      .then((resp) => console.log("Response From Server", resp))
      .catch((err) => console.log(err));
  })
  .catch(err => console.log(err));

The payload that you receive from the promise is a JSON Object with the following format:

{
    "email": "myemail@gmail.com", // User's email (or phone number)
    "oauth_token": {
        "access_token": "eyJhbGciOiJFUzI1NiIsImt...", // Access Token to validate
        "id_token": "eyJhbGciOiJFUzI1Ni...",
        "refresh_token": "27805:CNf76faa8trMhjXM...",
        "expires_in": 3600,
        "token_type": "Bearer",
        "auth_method": "OTP"
    },
    "user": {
        "ID": "abcdefgh-abcd-abcd-abcd-af6f81fb5432", // [Deprecated] Cotter User ID
        "created_at": "2020-07-21T05:50:14.182738Z",
        "updated_at": "2020-07-21T06:00:47.115096Z",
        "deleted_at": "0001-01-01T00:00:00Z",
        "issuer": "<YOUR_API_KEY_ID>",
        "identifier": "myemail@gmail.com"
    }
}

Please use the identifier (email/phone number) as your main way to identify users, user.ID is deprecated.

Handling the response in your backend

🎉 You're done!

Securing your Project

Since you'll be using your API Key from a front-end website or mobile app, your API_KEY_ID is exposed to anyone inspecting your code. Here are some ways to prevent abuse:

What's Next

Quickly try out how it works in our ! 🎉

with your API_KEY_ID and some config

containing the user's information to your backend server

Make sure you check for the latest version at

You can also , customize the styles, and intercept the authentication request before it's sent. Check out how to .

Instead of using SMS, you can also send the code via WhatsApp. Go to the > Branding and chose "Phone" on top of the preview.

To send code/link via SMS or WhatsApp, you'll need to add some balance to you project in the .

You should to ensure this is valid and it comes from Cotter's server.

: You can add Styling from the dashboard or add custom CSS

: Add fields like Name, Address, etc to the login form

: Useful for employees-only portals, RSVP, waitlists, checking if the user is registered, etc.

📘
Hello World Example
https://www.npmjs.com/package/cotter
Dashboard
Dashboard
verify the access token
Backend: Handling Response
Only allow your website/app to use your API Key
Rate Limit the number of authentication requests
Enable reCAPTCHA to prevent automated abuse
Styling the Form
Check the email/phone before logging in
Setup Cotter
Show Cotter form
Send the Payload
Sign in with Email/Phone Number
Customize the Form
Cotter's Embeddable Login Form using the JS SDK
add more fields
Add Additional Fields