Getting the Tokens

Getting an access token from Cotter's SDK is as easy as setting a variable to `true`.

Getting Cotter's OAuth Tokens is very easy using our current authentication methods. You should automatically receive the oauth_token whenever a user is succesfully authenticated, either using magic link, OTP, trusted device, or WebAuthn.
You will get an oauth_token object in the JSON response with all the tokens:
{
  ...
  "oauth_token": {
    "access_token": "eyJhbGciOiJFUzI1sInR5cC...",
    "auth_method": "TRUSTED_DEVICE", // authentication method used
    "expires_in": 3600,              // expiry in seconds
    "id_token": "eyJhbGciOiJFUz...",
    "refresh_token": "60:79hbLxl3aTjWWgCcIRnn...",
    "token_type": "Bearer"
  }
}
Getting Tokens using the SDK
There are 3 places in the existing SDK where you can receive access tokens:
During Email/Phone Verification
During Authentication
During enrolling Trusted Devices
Getting Tokens using HTTP Request
You can also call Cotter's API to get the tokens.
Using the Refresh Token
​

🗝️ Getting Access Token - Previous

Cotter's OAuth 2.0 Tokens Specification

Get Tokens during Authentication

Last modified 3yr ago