Get Tokens during Authentication

When a user logs in to your application using the Sign in with Email/Phone or the Sign in with Device method, Cotter will return OAuth tokens in the form of JWT Tokens.
For Sign in with Email/Phone: The authentication_method = OTP
For Sign in with Device: The authentication_method = TRUSTED_DEVICE
JS/HTML
React Native
Flutter
Android
API For Mobile Apps
Other SDKs (coming soon)
You will receive the access token when using these features:
Sign In with Email/Phone Number
Sign In with WebAuthn
The JS SDK automatically store your tokens securely
You will get an access token when using the following features:
Sign In with Device
Sign In with Email/Phone Number
The React Native SDK automatically store your tokens securely
You will get an access token when using the following features:
Sign In with Device
Sign in with Email/Phone Number
The Flutter SDK automatically store your tokens securely
You will get an access token when using the following features:
Sign In with Device
Sign In with Email/Phone Number
Using the API for Mobile Apps, you would follow this guide to get the identity of the user. When the user's email or phone number is successfully verified, you'll receive information about the user and a signature from Cotter.​
To also receive OAuth Tokens, add a query parameter oauth_token=true in the http request:
1
https://www.cotter.app/api/v0/verify/get_identity?oauth_token=true
Copied!
The full request would be:
1
curl -XPOST \
2
-H 'Content-type: application/json' \
3
-H 'API_KEY_ID: <api_key_id>' \
4
-d '{
5
  "code_verifier": "<code_verifier>",
6
  "authorization_code": "<authorization_code>",
7
  "challenge_id": <challenge_id>,
8
  "redirect_url": "<redirect_url>"
9
}' 'https://www.cotter.app/api/v0/verify/get_identity?oauth_token=true'
Copied!
You'll get the following response:
JSON Response
1
{
2
  "identifier": {
3
    "ID": "2ddc26f6-f392-4d7e-8607-1f57d41da045",
4
    "created_at": "2020-04-05T04:50:55.931771Z",
5
    "deleted_at": null,
6
    "device_name": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Mobile/15E148 Safari/604.1",
7
    "device_type": "BROWSER",
8
    "expiry": "2020-05-07T03:34:58.729745Z",
9
    "identifier": "[email protected]",
10
    "identifier_type": "EMAIL",
11
    "public_key": "FvozWVGHo9lWE5ilLOF...",
12
    "timestamp": "2020-04-07T03:34:58.729745Z",
13
    "update_at": "2020-04-07T03:34:58.733779Z"
14
  },
15
  "token": { // You can ignore this if you're using the oauth_token 
16
    "expire_at": "1588822498",
17
    "identifier": "[email protected]",
18
    "identifier_id": "2ddc26f6-f392-4d7e-8607-1f57d41da045",
19
    "identifier_type": "EMAIL",
20
    "receiver": "<your API KEY ID>",
21
    "signature": "XIbztHLKQSqzbnuBgyC+GfAK...",
22
    "timestamp": "1586230498"
23
  },
24
  "oauth_token": {  // 👈 NEW OAuth Tokens 👈
25
    "access_token": "eyJhbGciOiJFUz...",
26
    "auth_method": "OTP",
27
    "expires_in": 3600,
28
    "id_token": "eyJhbGciOiJFUz...",
29
    "refresh_token": "94:qv2SAJN5u2u...",
30
    "token_type": "Bearer"
31
  }
32
}
Copied!
We'll add support for the other SDKs soon 😉. Stay tuned!
Tokens must be stored securely within your application. Use Android Keystore for Android and iOS KeyChain for iOS apps.
Getting and Removing tokens from the Storage
You need to pass the access_token to your backend server on every API calls. You also need to remove the tokens from storage to log out your users. Check out how to do that here:
Storing and Removing Tokens
Renewing Expired Tokens
Access tokens and ID tokens expires in 1 hour. When they're expired, you need to use the refresh_token to get new tokens. Check out how to renew expired tokens:
Renewing Expired Tokens
​

🗝️ Getting Access Token - Previous

Getting the Tokens

Using the Refresh Token

Last modified 1yr ago

Copy link

Contents

Getting and Removing tokens from the Storage

Renewing Expired Tokens