OAuth Tokens should be stored securely in the client.
Mobile apps: Use Android Keystore for Android apps and iOS Keychain for iOS apps.
Websites: Store the access_token in memory. The refresh_token is automatically stored in an httpOnly and Secure cookie with domain cotter.app, and the browser automatically includes that cookie when requesting a token refresh. Learn more on how to store JWT tokens securely.
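The website pattern above, as an added JavaScript example (not code from Cotter's SDK): the access token is held only in a closure and is refreshed shortly before its exp claim, with concurrent callers sharing one refresh request. The names createTokenStore, decodeJwtExp and refreshFn are hypothetical, and refreshFn stands in for whatever call reaches your refresh endpoint.

```javascript
// Added example (not Cotter SDK code). refreshFn is a hypothetical caller-supplied
// function: in a browser it would POST to your refresh endpoint with
// fetch(url, { credentials: 'include' }) so the httpOnly cookie is sent.

// Read exp (seconds since epoch) from a JWT payload. Used only to schedule the
// refresh; the signature is not checked here, the API server does that.
function decodeJwtExp(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const json = typeof atob === 'function'
    ? atob(padded) : Buffer.from(padded, 'base64').toString('binary');
  const exp = JSON.parse(json).exp;
  if (typeof exp !== 'number') throw new Error('JWT has no exp claim');
  return exp;
}

function createTokenStore(refreshFn, { skewSeconds = 30, now = () => Date.now() } = {}) {
  let accessToken = null; // closure only: never localStorage/sessionStorage
  let expiresAt = 0;      // ms since epoch
  let inFlight = null;    // shared promise: concurrent callers cause one refresh

  const isFresh = () =>
    accessToken !== null && now() < expiresAt - skewSeconds * 1000;

  function getToken() {
    if (isFresh()) return Promise.resolve(accessToken);
    if (!inFlight) {
      // A failed refresh rejects every waiting caller and leaves no token behind.
      inFlight = new Promise((resolve) => resolve(refreshFn()))
        .then((jwt) => {
          expiresAt = decodeJwtExp(jwt) * 1000;
          accessToken = jwt;
          return jwt;
        })
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  }

  // Call on logout so the token does not outlive the session in this tab.
  const clear = () => { accessToken = null; expiresAt = 0; };

  return { getToken, clear, isFresh };
}
```

Because the token lives only in memory, a page reload empties the store and the first getToken() call goes through refreshFn again.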
Cotter's SDK generally handles token storage in your app.
Some of our SDKs handle storing the tokens for you:
JavaScript (from npm): Getting the Logged-in User and OAuth tokens
React Native: Getting the Logged-in User and OAuth tokens
Flutter: Getting the Logged-in User and OAuth tokens