Discussion on: How do you handle authentification?

Putri Karunia

Hi Moritz, we built Cotter, a passwordless login provider for websites and apps targeted at less tech-savvy users by eliminating passwords.

Users can simply log in with an OTP or magic link sent to their email, SMS, or WhatsApp. This is the method that big apps use in developing countries (like Rappi and Gojek) because it reduces friction when the user tries to log in, since they won't "forget their password".

You can embed Cotter on your webpage so it doesn't need a redirection. For mobile apps, we do use the PKCE flow in which case the SDK will show an in-app browser for the user to enter the OTP before redirecting back to your app.

Both login forms on the website and the in-app browsers in mobile apps are fully customizable to follow your UI theme, so it shouldn't break the user experience. PKCE is also the recommended flow for mobile apps based on OAuth 2.0, so there aren't many alternative ways to do it securely.