Cotter
Cotter
Blog
Dashboard
Get help on Slack 👋
🚀 Getting Started
Features & Concepts
📌 Quickstart Guides
All Guides & Tutorials
HTML – Sign in with Email/Phone
React – Sign in with Email/Phone
React – WebAuthn
▲ Next.js
Angular
Webflow
Bubble.io
Python SDK for a CLI
React Native – Sign in with Device
iOS – Sign in with Device
Flutter – Sign in with Device
📘 SDK Reference
Web
React Native
Flutter
iOS
Android
Python (for CLI)
API for Other Mobile Apps or CLI
Backend: Handling Response
🛡️ Protecting Your Account
Only Allow Your Website/App to Use Your API Key
Rate Limit
Enable reCAPTCHA to Protect Against Automated Abuse
🗝️ Getting Access Token
Cotter's OAuth 2.0 Tokens Specification
Getting the Tokens
Storing and Removing Tokens
Renewing Expired Tokens
Verifying JWT Tokens
Requesting Custom Fields on your JWT Token
Older API
🔌 API Reference
User API
OAuth Tokens API
Verify JWT Token using API (serverless)
Requesting Custom Claims on your Access Token
Older API
OAuth Tokens from Social Login
Event Object
Older API
Validating Cotter's Identity Token
Validating Cotter's Event Response
Powered by GitBook

OAuth Tokens API

HTTP Requests for handling Access Token, ID Token, and Refresh Tokens

Renewing Tokens using Refresh Token

If Cotter's SDK doesn't support auto renewal, or if you you need to renew the tokens manually, you can make an HTTP request to Cotter's Server to renew the tokens using a refresh_token.

curl -XPOST \
-H 'API_KEY_ID: <YOUR API KEY ID>' \
-H "Content-type: application/json" \
-d '{
  "grant_type": "refresh_token",
  "refresh_token": "<REFRESH_TOKEN>"
}' 'https://www.cotter.app/api/v0/token/<YOUR API KEY ID>'

post
Get Token using Refresh Token

https://www.cotter.app/api/v0/token/<YOUR API KEY ID>
Getting new access_token and id_token using refresh_token
Request
Response
Request
Path Parameters
API_KEY_ID
optional
string
Your API_KEY_ID
Headers
Content-type
optional
string
application/json
API_KEY_ID
required
string
Your API_KEY_ID
Body Parameters
grant_type
required
string
Grant type is refresh_token
refresh_token
required
string
Your refresh_token
Response
200: OK
Returns a new access_token and id_token. Does not return a new refresh_token
{
  "access_token": "eyJhbGciOiJFU...",
  "auth_method": "OTP",
  "expires_in": 3600, // expiry in seconds
  "id_token": "eyJhbGciOiJFUzI1N...",
  "refresh_token": "234:w3tlkw3jtwk...", // NEW refresh token
  "token_type": "Bearer"
}

Refresh Token Rotation

Note that this returns a new refresh_token and invalidates the old refresh_token

Previous
User Object
Next
Verify JWT Token using API (serverless)
Last updated 4 months ago
Contents
Renewing Tokens using Refresh Token
post
Get Token using Refresh Token
Refresh Token Rotation