Access Tokens and ID Tokens are valid for 1 hour. To generate new tokens, you need to use the Refresh Token.
Cotter's SDK generally handles this for you. Check the availability below.
✅ Cotter's JavaScript SDK (from npm) automatically renews your access_token
and id_token
whenever there is a valid refresh_token
in storage.
This renewal is called when you call Cotter's Get Access Token function.
cotter.tokenHandler.getAccessToken();
✅ Cotter's JavaScript SDK (from npm) automatically renews your access_token
and id_token
whenever there is a valid refresh_token
in storage.
This renewal is called when you call Cotter's Get Access Token function.
cotter.tokenHandler.getAccessToken();
✅ Cotter's Flutter SDK automatically renews your access_token
and id_token
whenever there is a valid refresh_token
in storage.
This renewal is called when you call Cotter's Get Access Token function.
var accessToken = await cotter.getAccessToken();
We'll add support for Android and iOS soon 😉. Stay tuned!
If Cotter's SDK doesn't support auto renewal, or if you you need to renew the tokens manually, you can make an HTTP request to Cotter's Server to renew the tokens using a refresh_token
.
curl -XPOST \-H 'API_KEY_ID: <YOUR API KEY ID>' \-H "Content-type: application/json" \-d '{"grant_type": "refresh_token","refresh_token": "<REFRESH_TOKEN>"}' 'https://www.cotter.app/api/v0/token/<YOUR API KEY ID>'
access_token
and id_token
using refresh_token
API_KEY_ID
API_KEY_ID
refresh_token
refresh_token
access_token
and id_token
. Does not return a new refresh_token
{"access_token": "eyJhbGciOiJFU...","auth_method": "OTP","expires_in": 3600, // expiry in seconds"id_token": "eyJhbGciOiJFUzI1N...","refresh_token": "235:s3kjlwkg035...", // NEW refresh token"token_type": "Bearer"}
Note that this does invalidates the old refresh_token
and return a new refresh_token
When your refresh_token
is expired, you have to re-authenticate your user. If you're using Trusted Devices and the current device is a trusted device, you can simply request authentication silently, in the background by Signing in with Device.