# Get Tokens during Authentication

When a user logs in to your application using the **Sign in with Email/Phone** or the **Sign in with Device** method, Cotter will return OAuth tokens in the form of JWT Tokens.

* For **Sign in with Email/Phone:** The `authentication_method` = `OTP`
* For **Sign in with Device:** The `authentication_method` = `TRUSTED_DEVICE`

{% tabs %}
{% tab title="JS/HTML" %}
You will receive the access token when using these features:

{% content-ref url="../../sdk-reference/web/web-sdk-verify-email-phone" %}
[web-sdk-verify-email-phone](https://docs.cotter.app/sdk-reference/web/web-sdk-verify-email-phone)
{% endcontent-ref %}

{% content-ref url="../../sdk-reference/web/sign-in-with-webauthn" %}
[sign-in-with-webauthn](https://docs.cotter.app/sdk-reference/web/sign-in-with-webauthn)
{% endcontent-ref %}

{% hint style="success" %}
The JS SDK **automatically store your tokens securely**
{% endhint %}
{% endtab %}

{% tab title="React Native" %}
You will get an access token when using the following features:

{% content-ref url="../../sdk-reference/react-native/react-native-sdk-passwordless-login" %}
[react-native-sdk-passwordless-login](https://docs.cotter.app/sdk-reference/react-native/react-native-sdk-passwordless-login)
{% endcontent-ref %}

{% content-ref url="../../sdk-reference/react-native/react-native-sdk-verify-email-phone" %}
[react-native-sdk-verify-email-phone](https://docs.cotter.app/sdk-reference/react-native/react-native-sdk-verify-email-phone)
{% endcontent-ref %}

{% hint style="success" %}
The React Native SDK **automatically** **store your tokens securely**
{% endhint %}
{% endtab %}

{% tab title="Flutter" %}
You will get an access token when using the following features:

{% content-ref url="../../sdk-reference/flutter/sign-in-with-device" %}
[sign-in-with-device](https://docs.cotter.app/sdk-reference/flutter/sign-in-with-device)
{% endcontent-ref %}

{% content-ref url="../../sdk-reference/flutter/sign-in-with-email-phone-number" %}
[sign-in-with-email-phone-number](https://docs.cotter.app/sdk-reference/flutter/sign-in-with-email-phone-number)
{% endcontent-ref %}

{% hint style="success" %}
The Flutter SDK **automatically** **store your tokens securely**
{% endhint %}
{% endtab %}

{% tab title="Android" %}
You will get an access token when using the following features:

{% content-ref url="../../sdk-reference/android/sign-in-with-device" %}
[sign-in-with-device](https://docs.cotter.app/sdk-reference/android/sign-in-with-device)
{% endcontent-ref %}

{% content-ref url="../../sdk-reference/android/android-sdk-1" %}
[android-sdk-1](https://docs.cotter.app/sdk-reference/android/android-sdk-1)
{% endcontent-ref %}
{% endtab %}

{% tab title="API For Mobile Apps" %}
Using the [API for Mobile Apps](https://docs.cotter.app/sdk-reference/api-for-other-mobile-apps), you would follow this guide to [get the identity of the user.](https://docs.cotter.app/sdk-reference/api-for-other-mobile-apps/api-for-mobile-apps#step-3-request-tokens-and-identity) When the user's email or phone number is successfully verified, [you'll receive information about the user and a signature from Cotter.](https://docs.cotter.app/sdk-reference/api-for-other-mobile-apps/api-for-mobile-apps#response)

To also receive OAuth Tokens, add a query parameter `oauth_token=true` in the http request:

```
https://www.cotter.app/api/v0/verify/get_identity?oauth_token=true
```

The full request would be:

```
curl -XPOST \
-H 'Content-type: application/json' \
-H 'API_KEY_ID: <api_key_id>' \
-d '{
  "code_verifier": "<code_verifier>",
  "authorization_code": "<authorization_code>",
  "challenge_id": <challenge_id>,
  "redirect_url": "<redirect_url>"
}' 'https://www.cotter.app/api/v0/verify/get_identity?oauth_token=true'
```

You'll get the following response:

{% code title="JSON Response" %}

```javascript
{
  "identifier": {
    "ID": "2ddc26f6-f392-4d7e-8607-1f57d41da045",
    "created_at": "2020-04-05T04:50:55.931771Z",
    "deleted_at": null,
    "device_name": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Mobile/15E148 Safari/604.1",
    "device_type": "BROWSER",
    "expiry": "2020-05-07T03:34:58.729745Z",
    "identifier": "hello@gmail.com",
    "identifier_type": "EMAIL",
    "public_key": "FvozWVGHo9lWE5ilLOF...",
    "timestamp": "2020-04-07T03:34:58.729745Z",
    "update_at": "2020-04-07T03:34:58.733779Z"
  },
  "token": { // You can ignore this if you're using the oauth_token 
    "expire_at": "1588822498",
    "identifier": "hello@gmail.com",
    "identifier_id": "2ddc26f6-f392-4d7e-8607-1f57d41da045",
    "identifier_type": "EMAIL",
    "receiver": "<your API KEY ID>",
    "signature": "XIbztHLKQSqzbnuBgyC+GfAK...",
    "timestamp": "1586230498"
  },
  "oauth_token": {  // 👈 NEW OAuth Tokens 👈
    "access_token": "eyJhbGciOiJFUz...",
    "auth_method": "OTP",
    "expires_in": 3600,
    "id_token": "eyJhbGciOiJFUz...",
    "refresh_token": "94:qv2SAJN5u2u...",
    "token_type": "Bearer"
  }
}
```

{% endcode %}
{% endtab %}

{% tab title="Other SDKs (coming soon)" %}
We'll add support for the other SDKs soon 😉. Stay tuned!
{% endtab %}
{% endtabs %}

{% hint style="warning" %}
**Tokens must be stored securely within your application.** Use [Android Keystore](https://developer.android.com/training/articles/keystore) for Android and [iOS KeyChain](https://developer.apple.com/documentation/security/keychain_services) for iOS apps.
{% endhint %}

## Getting and Removing tokens from the Storage

You need to pass the `access_token` to your backend server on every API calls. You also need to remove the tokens from storage to log out your users. Check out how to do that here:

{% content-ref url="../storing-and-removing-tokens" %}
[storing-and-removing-tokens](https://docs.cotter.app/getting-access-token/storing-and-removing-tokens)
{% endcontent-ref %}

## Renewing Expired Tokens

Access tokens and ID tokens expires in 1 hour. When they're expired, you need to use the `refresh_token` to get new tokens. Check out how to renew expired tokens:

{% content-ref url="../renewing-expired-tokens" %}
[renewing-expired-tokens](https://docs.cotter.app/getting-access-token/renewing-expired-tokens)
{% endcontent-ref %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cotter.app/getting-access-token/getting-the-tokens/get-tokens-during-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.