Get Tokens during Authentication

When a user logs in to your application using the Sign in with Email/Phone or the Sign in with Device method, Cotter will return OAuth tokens in the form of JWT Tokens.

  • For Sign in with Email/Phone: The authentication_method = OTP

  • For Sign in with Device: The authentication_method = TRUSTED_DEVICE

You will receive the access token when using these features:

Sign In with Email/Phone NumberSign In with WebAuthn

The JS SDK automatically store your tokens securely

Tokens must be stored securely within your application. Use Android Keystore for Android and iOS KeyChain for iOS apps.

Getting and Removing tokens from the Storage

You need to pass the access_token to your backend server on every API calls. You also need to remove the tokens from storage to log out your users. Check out how to do that here:

Storing and Removing Tokens

Renewing Expired Tokens

Access tokens and ID tokens expires in 1 hour. When they're expired, you need to use the refresh_token to get new tokens. Check out how to renew expired tokens:

Renewing Expired Tokens

Last updated