Get Tokens during Authentication

When a user logs in to your application using the Sign in with Email/Phone or the Sign in with Device method, Cotter will return OAuth tokens in the form of JWT Tokens.

  • For Sign in with Email/Phone: The authentication_method = OTP

  • For Sign in with Device: The authentication_method = TRUSTED_DEVICE

You will receive the access token when using these features:

Sign In with Email/Phone NumberSign In with WebAuthn

Getting and Removing tokens from the Storage

You need to pass the access_token to your backend server on every API calls. You also need to remove the tokens from storage to log out your users. Check out how to do that here:

Storing and Removing Tokens

Renewing Expired Tokens

Access tokens and ID tokens expires in 1 hour. When they're expired, you need to use the refresh_token to get new tokens. Check out how to renew expired tokens:

Renewing Expired Tokens

Last updated