# During Authentication When you are authenticating users using Trusted Devices, Biometric or Pin, Cotter allows you to optionally request OAuth Tokens to be returned **in addition to** the [Event token](https://docs.cotter.app/older-api/validating-cotters-event-response). The `authentication_method` specified will be either `TRUSTED_DEVICE`, `BIOMETRIC` or `PIN`. ## Trusted Device Authentication {% tabs %} {% tab title="React Native SDK" %} In the [React Native SDK](https://docs.cotter.app/sdk-reference/react-native/react-native-sdk-passwordless-login), you would follow this guide to [request authentication using Trusted Devices.](https://docs.cotter.app/sdk-reference/react-native/react-native-sdk-passwordless-login#step-6-authenticate-from-a-trusted-device-and-non-trusted-device) When the user successfully authenticated, either from a Trusted Device or when the user approved a login from a Non-Trusted Device, you would receive a [JSON Response about the event and a signature.](https://docs.cotter.app/sdk-reference/react-native/react-native-sdk-passwordless-login#step-6-authenticate-from-a-trusted-device-and-non-trusted-device) To also receive OAuth Tokens, modify your code by adding `getOAuthToken = true` in the parameters: ```javascript // Requesting an authentication using Cotter var cotter = new Cotter( , userID, ); cotter.trustedDevice.requestAuth( 'EVENT NAME', this.onRequestSuccess, this.onRequestError, {}, // Add customization here, or leave as {} (getOAuthToken = true), // 👈 Add this parameter ); ``` In the `onRequestSuccess`, you'll receive the following response: ```javascript { "CreatedAt": "2020-04-06T22:21:45.614843-07:00", "DeletedAt": null, "ID": 495, "UpdatedAt": "2020-04-06T22:21:45.614843-07:00", "approved": true, "client_user_id": "xyzABC123", "event": "LOGIN", "ip": "73.15.208.6", "issuer": "", "location": "Orinda", "method": "TRUSTED_DEVICE", "new": false, "signature": "jiUHTm2zBcbkIYNbZ6...", "timestamp": "1586236905", "oauth_token": { // 👈 NEW OAuth Tokens "access_token": "eyJhbGciOiJFUzI1N...", "auth_method": "TRUSTED_DEVICE", "expires_in": 3600, "id_token": "eyJhbGciOiJFUzI1Ni...", "refresh_token": "96:ukrYGIisImyKXwKTR1tIuiR...", "token_type": "Bearer" } } ``` {% hint style="success" %} Cotter's React Native SDK **automatically** **store your tokens securely** inside the device's secure storage. {% endhint %} {% endtab %} {% tab title="Other SDKs (coming soon)" %} We'll add support for JS, Android and iOS soon 😉. Stay tuned! {% endtab %} {% endtabs %} {% hint style="warning" %} **Tokens must be stored securely within your application**. {% endhint %} ### Getting and Removing tokens from the Storage You need to pass the `access_token` to your backend server on every API calls. You also need to remove the tokens from storage to log out your users. Check out how to do that here: {% content-ref url="../../storing-and-removing-tokens" %} [storing-and-removing-tokens](https://docs.cotter.app/getting-access-token/storing-and-removing-tokens) {% endcontent-ref %} ### Renewing Expired Tokens Access tokens and ID tokens expires in 1 hour. When they're expired, you need to use the `refresh_token` to get new tokens. Check out how to renew expired tokens: {% content-ref url="../../renewing-expired-tokens" %} [renewing-expired-tokens](https://docs.cotter.app/getting-access-token/renewing-expired-tokens) {% endcontent-ref %}