Storing and Removing Tokens - Cotter

Blog Dashboard Get help on Slack 👋

Search…

0.1.0

Getting Started

Features & Concepts

📌

Quickstart Guides

All Guides & Tutorials

HTML – Sign in with Email/Phone

React – Sign in with Email/Phone

React – WebAuthn

Python SDK for a CLI

React Native – Sign in with Device

iOS – Sign in with Device

Flutter – Sign in with Device

📘

SDK Reference

Python (for CLI)

API for Other Mobile Apps or CLI

Backend: Handling Response

🛡️ Protecting Your Account

Only Allow Your Website/App to Use Your API Key

Enable reCAPTCHA to Protect Against Automated Abuse

🗝️ Getting Access Token

Cotter's OAuth 2.0 Tokens Specification

Getting the Tokens

Storing and Removing Tokens

Renewing Expired Tokens

Verifying JWT Tokens

Requesting Custom Fields on your JWT Token

🔌

API Reference

OAuth Tokens API

OAuth Tokens from Social Login

Older API

Validating Cotter's Identity Token

Validating Cotter's Event Response

Powered By GitBook

Storing and Removing Tokens

OAuth Tokens should be stored securely in the client. 
Mobile apps: Use Android Keystore for Android and iOS KeyChain for iOS apps. 
Websites: Store the access_token in memory, the refresh_token is automatically included in an httpOnly and Secure cookie with domain cotter.app that is automatically included when requesting to refresh token. Learn more on how to store JWT tokens securely.​
Cotter's SDK generally handles token storage in your app.
SDK Support
Some of our SDKs handles storing the tokens for you:
JavaScript (from npm): Getting the Logged-in User and OAuth tokens​
React Native: Getting the Logged-in User and OAuth tokens​
Flutter: Getting the Logged-in User and OAuth tokens​
​

Using the Refresh Token

Next - 🗝️ Getting Access Token

Renewing Expired Tokens

Last modified 1yr ago

Copy link

Contents