Checking the email or phone before sending a verification code
You can call a function to check the entered email or phone before we send a verification code or magic link. This is useful when, for example:
- You only allow a specific list of pre-screened phone numbers or emails
- You want to know if the user is already registered, and redirect them to a Login page instead
- You want to check if the email is from a certain domain
var cotter = new Cotter("<YOUR_API_KEY_ID>");
cotter
  .signInWithLink(myOnBeginFunction) // 👈 Pass in your function here
  .showEmailForm()
  .then(payload => {})
  .catch(payload => {});
This function will be invoked before we send the verification code or magic link. You will receive the following payload as a parameter to your function:
Payload passed into your OnBegin function
var payload = {
  identifier: "+12345678910",
  identifier_type: "PHONE",
  device_type: "BROWSER",
  device_name: "Chrome ...",
  client_json: { // This is available if you set up AdditionalFields
    "name": "Hello World",
    "address": "Street Address"
  }
};
You can do a check against the identifier here before the form is submitted.
If you include the OnBegin key, you have to either return an error string, or return null if you want to continue the authentication process:
A. If you want to continue submission:
return null;
B. If you want to stop submission with an error:
return "Your error message";
Example with sync function:
const myOnBeginFunction = payload => {
  if (payload.identifier != "+12345678910") {
    return "Phone Number is not allowed";
  }
  // No error, continue submission
  return null;
}
Example with async function:
const myOnBeginFunction = async (payload) => {
  try {
    // checkIfPhoneAllowed is your own function, for example a call to your backend
    let allowed = await checkIfPhoneAllowed(payload.identifier);
    if (!allowed) {
      return "Phone Number is not allowed";
    }
  } catch (e) {
    return e.message; // Make sure this is a string!
  }
  // No error, continue submission
  return null;
}
When a user logs in to Cotter, the SDK generates an access_token that you can send to your backend API to authorize a request. This access token contains the user's email or phone number. The OnBegin function runs on the client, so in addition to it, your backend server should check whether the email or phone number is allowed to log in when it validates the JWT token.
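One way to write the backend check described above, as an added example that is not Cotter's code. It assumes the token's signature and expiry were already verified by your JWT library and that the verified claims carry identifier and identifier_type as in the OnBegin payload; the "EMAIL" type value, the function names and the allowlist entries are assumptions constructed for illustration.

```javascript
// Added example, not Cotter's code. Input: claims of an access token whose
// signature and expiry were ALREADY verified by your JWT library.
// Assumed: claim names match the OnBegin payload; "EMAIL" as a type value.
const ALLOWED_EMAIL_DOMAINS = new Set(["example.com"]); // constructed sample
const ALLOWED_PHONES = new Set(["+12345678910"]);       // constructed sample

// Split an email into local part and lower-cased domain, or return null.
function parseEmail(raw) {
  if (typeof raw !== "string" || /[\s\u0000-\u001f<>,;]/.test(raw)) return null;
  const at = raw.lastIndexOf("@");
  // Exactly one "@", with something on both sides of it.
  if (at <= 0 || at !== raw.indexOf("@") || at === raw.length - 1) return null;
  return { local: raw.slice(0, at), domain: raw.slice(at + 1).toLowerCase() };
}

// Accept only the E.164 shape ("+" and 7 to 15 digits), with no formatting.
function parsePhone(raw) {
  return typeof raw === "string" && /^\+[1-9]\d{6,14}$/.test(raw) ? raw : null;
}

// Same contract as OnBegin: null when allowed, otherwise an error string.
function checkIdentifier(claims) {
  if (!claims || typeof claims !== "object") return "Missing token claims";
  if (claims.identifier_type === "EMAIL") {
    const email = parseEmail(claims.identifier);
    if (!email) return "Malformed email";
    // Exact match on the domain: a suffix test such as endsWith("example.com")
    // would also accept "notexample.com".
    return ALLOWED_EMAIL_DOMAINS.has(email.domain)
      ? null
      : "Email domain is not allowed";
  }
  if (claims.identifier_type === "PHONE") {
    const phone = parsePhone(claims.identifier);
    if (!phone) return "Malformed phone number";
    return ALLOWED_PHONES.has(phone) ? null : "Phone Number is not allowed";
  }
  return "Unknown identifier type";
}
```

Call checkIdentifier with the verified claims in your API's authorization step and reject the request whenever it returns a string.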