OAuth Tokens should be stored securely in the client.
Websites: Store the
access_token in memory, the
refresh_token is automatically included in an
Secure cookie with domain
cotter.app that is automatically included when requesting to refresh token. Learn more on how to store JWT tokens securely.
Some of our SDKs handles storing the tokens for you:
React Native: Getting the Logged-in User and OAuth tokens