Cotter
  • 🚀Getting Started
  • Features & Concepts
    • 💬Sign In with Email/Phone Number
    • 🔐Sign In with Device
      • How it works
    • 🧬Sign In with WebAuthn
  • 📌Quickstart Guides
    • All Guides & Tutorials
    • HTML – Sign in with Email/Phone
    • React – Sign in with Email/Phone
    • React – WebAuthn
    • ▲ Next.js
    • Angular
    • Webflow
    • Bubble.io
    • Python SDK for a CLI
    • React Native – Sign in with Device
    • iOS – Sign in with Device
    • Flutter – Sign in with Device
  • 📘SDK Reference
    • Web
      • Sign In with Email/Phone Number
        • Customize the Form
        • Checking the email or phone before sending a verification code
        • Sending Code or Link via WhatsApp
        • Styling
        • Older SDK
          • Customize the Form
      • Sign in with Social Login
        • Getting Access Tokens from Social Login Providers
        • Github Instructions
        • Google Instructions
      • Sign In with WebAuthn
        • Register WebAuthn for a logged-in user
      • Sign In with Device
        • Steps for Pop Up Authentication Prompt
        • Advanced Customization for Login Form
        • Advanced Customization for Pop Up Authentication Prompt
      • Getting Access Token and Logged-In User Info
      • Sending Successful Form Submission
      • FAQ & Troubleshooting
    • React Native
      • Installation
      • Sign In with Device
        • Add Email/Phone Verification
        • Authenticate from a Non-Trusted Device
        • Add a new Trusted Device
        • Remove Trusted Device
      • Sign In with Email/Phone Number
      • Getting Stored OAuth Tokens and User Information
      • FAQ
      • Older SDK Versions
        • Sign in with Email/Phone
        • Sending Code via WhatsApp
        • Sign In with Device
          • Authenticate from a Non-Trusted Device
          • Add a new Trusted Device
          • Customization
    • Flutter
      • Sign In with Device
        • Add Email/Phone Verification
        • Authenticate from a Non-Trusted Device
      • Sign in with Email/Phone Number
      • Getting the Logged-in User
      • Getting OAuth Tokens
      • Signing a User Out
    • iOS
      • Sign In with Email/Phone Number
      • Sign In with Device
        • Authenticate from a Non-Trusted Device
        • Push Notification
        • Check if Trusted Device is Enrolled
        • Add a New Trusted Device
        • Remove Trusted Device
      • Older Versions
        • Biometric/Pin
    • Android
      • Sign In with Device
        • Authenticate from a Non-Trusted Device
        • Check if Trusted Device is Enrolled
        • Add a new Trusted Device
        • Remove Trusted Device
        • Customization
      • Sign In with Email/Phone Number
      • Biometric/Pin
        • Advanced Methods
        • Customization
        • Setting Strings
        • Styling
      • Older SDK Version
        • Sign In with Device
          • Authenticate from a Non-Trusted Device
    • Python (for CLI)
    • API for Other Mobile Apps or CLI
      • Verify Email/Phone Number
        • Handling URL Scheme
    • Backend: Handling Response
  • 🛡️ Protecting Your Account
    • Only Allow Your Website/App to Use Your API Key
    • Rate Limit
    • Enable reCAPTCHA to Protect Against Automated Abuse
  • 🗝️ Getting Access Token
    • Cotter's OAuth 2.0 Tokens Specification
    • Getting the Tokens
      • Get Tokens during Authentication
      • Using the Refresh Token
    • Storing and Removing Tokens
    • Renewing Expired Tokens
    • Verifying JWT Tokens
    • Requesting Custom Fields on your JWT Token
    • Older API
      • Using HTTP Requests
      • Getting the Tokens
        • During Authentication
          • During Email/Phone Verification
        • During enrolling Trusted Devices
  • 🔌API Reference
    • User API
      • User Object
    • OAuth Tokens API
      • Verify JWT Token using API (serverless)
      • Requesting Custom Claims on your Access Token
      • Older API
    • OAuth Tokens from Social Login
    • Event Object
    • Reset PIN API
  • Older API
    • Validating Cotter's Identity Token
    • Validating Cotter's Event Response
Powered by GitBook
On this page
  • Use case
  • Implementation
  • The OnBegin function specification
  • You should also check the email when Verifying the JWT Token
  1. SDK Reference
  2. Web
  3. Sign In with Email/Phone Number

Checking the email or phone before sending a verification code

You can call a function to check the entered email or phone before we send a verification code or magic link.

Use case

  • You only allow specific list of pre-screened phone numbers or emails

  • You want to know if the user is already registered, and redirect them to a Login page instead

  • You want to check if the email is from a certain domain

Check out this example code that only allows business email to login.

Implementation

var cotter = new Cotter("<YOUR_API_KEY_ID>"); 

cotter
  .signInWithLink(myOnBeginFunction) // 👈 Pass in your function here
  .showEmailForm()
  .then(payload => {})
  .catch(payload => {});

The OnBegin function specification

This function will be invoked before we send the verification code or magic link. You will receive the following payload as a parameter to your function

Payload passed into your OnBegin function

var payload = {
  identifier: "+12345678910",
  identifier_type: "PHONE",
  device_type: "BROWSER",
  device_name: "Chrome ...",
  client_json: { // This is available if you set up AdditionalFields
    "name": "Hello World",
    "address": "Street Address"
  }
};

You can do a check against the identifier here before the form is submitted.

If you include OnBegin key, you have to either return an error string, or return null if you want to continue the authentication process:

A. If you want to continue submission:

return null;

B. If you want to stop submission with an error:

return "Your error message";

Example with sync function:

 const myOnBeginFunction = payload => {
  if (payload.identifier != "+12345678910") {
    return "Phone Number is not allowed";
  }
  // No error, continue submission
  return null;
}

Example with async function:

 const myOnBeginFunction = async (payload)=> {
    try {
     let allowed = await checkIfPhoneAllowed(payload.identifier);
     if (!allowed) {
       return "Phone Number is not allowed";
     }
    } catch (e) {
     return e.message; // Make sure this is a string!
    }
    // No error, continue submission
    return null;
}

You should also check the email when Verifying the JWT Token

When a user logs in to Cotter, the SDK generates an access_token that you can send to your backend API to authorize a request. This access token contains the user's email or phone number. You should check if the email or phone number is allowed to log in in your backend server when validating the JWT token in addition to the OnBegin function.

PreviousCustomize the FormNextSending Code or Link via WhatsApp

Last updated 4 years ago

📘