Getting the Tokens

Getting an access token from Cotter's SDK is as easy as setting a variable to `true`.

Getting Cotter's OAuth Tokens is very easy using our current authentication methods. You should automatically receive the oauth_token whenever a user is succesfully authenticated, either using magic link, OTP, trusted device, or WebAuthn.

You will get an oauth_token object in the JSON response with all the tokens:

{
  ...
  "oauth_token": {
    "access_token": "eyJhbGciOiJFUzI1sInR5cC...",
    "auth_method": "TRUSTED_DEVICE", // authentication method used
    "expires_in": 3600,              // expiry in seconds
    "id_token": "eyJhbGciOiJFUz...",
    "refresh_token": "60:79hbLxl3aTjWWgCcIRnn...",
    "token_type": "Bearer"
  }
}

Getting Tokens using the SDK

There are 3 places in the existing SDK where you can receive access tokens:

During Email/Phone VerificationDuring AuthenticationDuring enrolling Trusted Devices

Getting Tokens using HTTP Request

You can also call Cotter's API to get the tokens.

Using the Refresh Token

Last updated