# During Authentication When you are authenticating users using Trusted Devices, Biometric or Pin, Cotter allows you to optionally request OAuth Tokens to be returned **in addition to** the [Event token](/older-api/validating-cotters-event-response.md). The `authentication_method` specified will be either `TRUSTED_DEVICE`, `BIOMETRIC` or `PIN`. ## Trusted Device Authentication {% tabs %} {% tab title="React Native SDK" %} In the [React Native SDK](/sdk-reference/react-native/react-native-sdk-passwordless-login.md), you would follow this guide to [request authentication using Trusted Devices.](/sdk-reference/react-native/react-native-sdk-passwordless-login.md#step-6-authenticate-from-a-trusted-device-and-non-trusted-device) When the user successfully authenticated, either from a Trusted Device or when the user approved a login from a Non-Trusted Device, you would receive a [JSON Response about the event and a signature.](/sdk-reference/react-native/react-native-sdk-passwordless-login.md#step-6-authenticate-from-a-trusted-device-and-non-trusted-device) To also receive OAuth Tokens, modify your code by adding `getOAuthToken = true` in the parameters: ```javascript // Requesting an authentication using Cotter var cotter = new Cotter( , userID, ); cotter.trustedDevice.requestAuth( 'EVENT NAME', this.onRequestSuccess, this.onRequestError, {}, // Add customization here, or leave as {} (getOAuthToken = true), // 👈 Add this parameter ); ``` In the `onRequestSuccess`, you'll receive the following response: ```javascript { "CreatedAt": "2020-04-06T22:21:45.614843-07:00", "DeletedAt": null, "ID": 495, "UpdatedAt": "2020-04-06T22:21:45.614843-07:00", "approved": true, "client_user_id": "xyzABC123", "event": "LOGIN", "ip": "73.15.208.6", "issuer": "", "location": "Orinda", "method": "TRUSTED_DEVICE", "new": false, "signature": "jiUHTm2zBcbkIYNbZ6...", "timestamp": "1586236905", "oauth_token": { // 👈 NEW OAuth Tokens "access_token": "eyJhbGciOiJFUzI1N...", "auth_method": "TRUSTED_DEVICE", "expires_in": 3600, "id_token": "eyJhbGciOiJFUzI1Ni...", "refresh_token": "96:ukrYGIisImyKXwKTR1tIuiR...", "token_type": "Bearer" } } ``` {% hint style="success" %} Cotter's React Native SDK **automatically** **store your tokens securely** inside the device's secure storage. {% endhint %} {% endtab %} {% tab title="Other SDKs (coming soon)" %} We'll add support for JS, Android and iOS soon 😉. Stay tuned! {% endtab %} {% endtabs %} {% hint style="warning" %} **Tokens must be stored securely within your application**. {% endhint %} ### Getting and Removing tokens from the Storage You need to pass the `access_token` to your backend server on every API calls. You also need to remove the tokens from storage to log out your users. Check out how to do that here: {% content-ref url="/pages/-M4I5Ed9v0BbC7OxzSFn" %} [Storing and Removing Tokens](/getting-access-token/storing-and-removing-tokens.md) {% endcontent-ref %} ### Renewing Expired Tokens Access tokens and ID tokens expires in 1 hour. When they're expired, you need to use the `refresh_token` to get new tokens. Check out how to renew expired tokens: {% content-ref url="/pages/-M4I0B0i0yghkR8yjphX" %} [Renewing Expired Tokens](/getting-access-token/renewing-expired-tokens.md) {% endcontent-ref %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.cotter.app/getting-access-token/older-api/getting-the-tokens/during-authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.