Cotter
BlogDashboardGet help on Slack πŸ‘‹
Search…
0.1.0
πŸš€
Getting Started
Features & Concepts
πŸ“Œ
Quickstart Guides
All Guides & Tutorials
HTML – Sign in with Email/Phone
React – Sign in with Email/Phone
React – WebAuthn
β–² Next.js
Angular
Webflow
Bubble.io
Python SDK for a CLI
React Native – Sign in with Device
iOS – Sign in with Device
Flutter – Sign in with Device
πŸ“˜
SDK Reference
Web
React Native
Flutter
iOS
Android
Python (for CLI)
API for Other Mobile Apps or CLI
Backend: Handling Response
πŸ›‘οΈ Protecting Your Account
Only Allow Your Website/App to Use Your API Key
Rate Limit
Enable reCAPTCHA to Protect Against Automated Abuse
πŸ—οΈ Getting Access Token
Cotter's OAuth 2.0 Tokens Specification
Getting the Tokens
Storing and Removing Tokens
Renewing Expired Tokens
Verifying JWT Tokens
Requesting Custom Fields on your JWT Token
Older API
πŸ”Œ
API Reference
User API
OAuth Tokens API
OAuth Tokens from Social Login
Event Object
Reset PIN API
Older API
Validating Cotter's Identity Token
Validating Cotter's Event Response
Powered By GitBook
Renewing Expired Tokens
Access Tokens and ID Tokens are valid for 1 hour. To generate new tokens, you need to use the Refresh Token.

Renewing Tokens using the SDK

Cotter's SDK generally handles this for you. Check the availability below.
React Native
JavaScript (from npm)
Flutter
Other SDKs (coming soon)
βœ… Cotter's JavaScript SDK (from npm) automatically renews your access_token and id_token whenever there is a valid refresh_token in storage.
This renewal is called when you call Cotter's Get Access Token function.
cotter.tokenHandler.getAccessToken();
βœ… Cotter's JavaScript SDK (from npm) automatically renews your access_token and id_token whenever there is a valid refresh_token in storage.
This renewal is called when you call Cotter's Get Access Token function.
cotter.tokenHandler.getAccessToken();
βœ… Cotter's Flutter SDK automatically renews your access_token and id_token whenever there is a valid refresh_token in storage.
This renewal is called when you call Cotter's Get Access Token function.
var accessToken = await cotter.getAccessToken();
We'll add support for Android and iOS soon πŸ˜‰. Stay tuned!

Renewing Tokens using Refresh Token

If Cotter's SDK doesn't support auto renewal, or if you you need to renew the tokens manually, you can make an HTTP request to Cotter's Server to renew the tokens using a refresh_token.
curl -XPOST \
-H 'API_KEY_ID: <YOUR API KEY ID>' \
-H "Content-type: application/json" \
-d '{
"grant_type": "refresh_token",
"refresh_token": "<REFRESH_TOKEN>"
}' 'https://www.cotter.app/api/v0/token/<YOUR API KEY ID>'
post
https://www.cotter.app
/api/v0/token/<YOUR API KEY ID>
Get Token using Refresh Token

Refresh Token Rotation

Note that this does invalidates the old refresh_token and return a new refresh_token

Renewing Expired Refresh Token

When your refresh_token is expired, you have to re-authenticate your user. If you're using Trusted Devices and the current device is a trusted device, you can simply request authentication silently, in the background by Signing in with Device.
πŸ—οΈ Getting Access Token - Previous
Storing and Removing Tokens
Next - πŸ—οΈ Getting Access Token
Verifying JWT Tokens
Last modified 1yr ago
Copy link
Outline
Renewing Tokens using the SDK
Renewing Tokens using Refresh Token
post
Get Token using Refresh Token
Refresh Token Rotation
Renewing Expired Refresh Token