Webflow + Cotterโ€™s Magic Link Tutorial

In this tutorial we're going to guide you on how to authenticate your users using magic links on Webflow.

Part 1: Cotter Setup

Go to https://dev.cotter.app to create an account. Once you have created an account make sure to create a new project and grab the API Key ID. We will be using your API Key ID later in part 2.

Part 2: Webflow Setup

For this tutorial we have created 2 pages: Login Page (/) and Protected Page (/protected). The login page will display the embedded Cotter login form for your users to type in their email while the protected page will display protected content that only a logged in user can view.

Login Page Setup (where the login form will show up)

On the login page page we need to include a section element to load Cotter's login form; moreover, we need to set that section id "cotter-form-container". This enables Cotter's JS SDK to load the login form to the section element that we just added.

After finishing the page, setup we can start with adding custom code to the Login Page. Copy paste the code below to the custom code tab on the Login Page settings.

Page Settings
Scroll down to "Custom Code" section
  1. Get Cotter JS SDK

Add the code below to the head of the Login Page.

<!--Get Cotter JS SDK-->
<script
  src="https://unpkg.com/[email protected]/dist/cotter.min.js"
  type="text/javascript"
></script>

2. Initialize Cotter

Add the code below to the body of the Login Page.

<!-- 2. Initialize Cotter -->
<script>
  var cotter = new Cotter("<YOUR_API_KEY_ID>"); // ๐Ÿ‘ˆ Specify your API KEY ID
  cotter
    // Choose what method of login do you want
    // Sign In with Magic Link
    .signInWithLink()
    // Send Magic Link via email
    .showEmailForm()
   
    .then(() => {   
      // redirect to the protected page
      window.location.href = "/protected";
    })
    .catch(err => {
      // handle error
    });
</script>

Make sure that you have pasted your API Key ID on the code block above.

Protected Page Setup (and any other page you want to protect)

Now let's move on to the protected page, we need to include a header (h2) element and set that header id "welcome-text-heading" in order to load the user's email address and a button element with button id "signout-button" to enable sign out functionality for the user.

Moreover, we'll be adding custom code to both the head and the body. We'll be adding custom code to the header to check if a user is logged in and to fetch the user's OAuth token. The custom code in the body will be used to parse the user data and display his/her email on the page.

  1. Check if the User is Logged In

Add the code below to the head of the Protected Page

<script
  src="https://unpkg.com/[email protected]/dist/cotter.min.js"
  type="text/javascript"
></script>

<script>
  async function checkLoggedIn() {
    //Initialize Cotter
    var cotter = new Cotter("<YOUR_API_KEY_ID>"); // ๐Ÿ‘ˆ Specify your API KEY ID
    
    // 1. We check if a user has already logged in
    const accessTokenObject = await cotter.tokenHandler.getAccessToken();
    const accessToken = accessTokenObject ? accessTokenObject.token : null;

    // 2. If user is not logged in then we redirect to the login page
    if (!accessToken) window.location.href = "/";

    // 3. Construct the body for access token verification
    let body = {
      oauth_token: {
        access_token: accessToken
      }
    };

    // 4. If user is logged in then we fetch the user data  
    let url = "https://worker.cotter.app/verify";
    fetch(url, {
      method: "POST",
      cache: "no-cache",
      headers: {
        "Content-Type": "application/json",
        API_KEY_ID: "<YOUR_API_KEY_ID>"   // ๐Ÿ‘ˆ Specify your API KEY ID here
      },
      mode: "cors",
      body: JSON.stringify(body)
    })
      .then((resp) => resp.json())
      .then((data) => {
        if (!data.success) { window.location.href = "/" }
      });
  }
  
  //Call the CheckLoggedIn function
  checkLoggedIn();
  
</script>

Make sure that you have pasted your API Key ID on the code block above.

2. Display User Data and Page Content

Add the code below to the body of the Protected Page

<script>
  // 1. Initialize Cotter
  var cotter = new Cotter("<YOUR_API_KEY_ID>"); // ๐Ÿ‘ˆ Specify your API KEY ID

  // 2. Fetch the user data
  const user = cotter.getLoggedInUser();

  // 3. Display user email
  document.getElementById("welcome-text-heading").innerHTML = `Welcome ${user.identifier},`;

  // 4. Display sign out button
  document.getElementById("signout-button")
  .addEventListener("click", async () => {
    await cotter.logOut();
    window.location.href = "/"; // Redirect to home	      
  });
</script>

Make sure that you have pasted your API Key ID on the code block above.

Part 3: Publish and Test

We've arrived at the last part of this tutorial and all that you need to do is to click publish and test Cotter's magic link authentication for your Webflow website!


Webflow Use Cases


Questions & Feedback

Come and talk to the founders of Cotter and other developers who are using Cotter on Cotter's Slack Channel.

Ready to use Cotter?

If you enjoyed this tutorial and want to integrate Cotter into your website or app, you can create a free account and check out our documentation.

If you need help, ping us on our Slack channel or email us at [email protected]