Cotter
Cotter
Cotter
Cotter
🚀 Getting Started
💈Features
📌 Quickstart Guides
🌟 HTML – Magic Link with Email & Phone
HTML & Node.js
▲ Next.js
Angular
⚛️ React Native
iOS
Flutter
📘 SDK Reference
Web
React Native
Flutter
iOS
Android
API for Other Mobile Apps
🛡️ Protecting Your Account
Rate Limit
Enable reCAPTCHA to Protect Against Automated Abuse
Only Allow Your Website/App to Use Your API Key
🗝️ Getting Access Token
Handling Authentication with Cotter
Getting the Tokens
Storing and Removing Tokens
Renewing Expired Tokens
Verifying JWT Tokens
🔌 API Reference
User API
OAuth Tokens API
Event Object
Powered by GitBook

Storing and Removing Tokens

OAuth Tokens should be stored securely in the device. Use Android Keystore for Android and iOS KeyChain for iOS apps.

Cotter's SDK generally handles token storage in your app.

React Native
Other SDKs (coming soon)
React Native

✅ Cotter's React Native SDK automatically store your tokens securely inside the device's secure storage.

Getting tokens from the Storage

You should pass the access_token on every API call to your backend server whenever necessary. You can use the id_token to read information about your user. To get the access_token and id_token from the secure storage:

const getAccessToken = async () => {
  try {
    var accessToken = await cotter.tokenHandler.getAccessToken();
    console.log('Access Token', accessToken);
  } catch (err) {
    console.log('Access Token Error', err);
  }
};
const getIDToken = async () => {
  try {
    var idToken = await cotter.tokenHandler.getIDToken();
    console.log('ID Token', idToken);
  } catch (err) {
    console.log('ID Token Error', err);
  }
};

The returned accessToken and idToken will contain the JWT token string, as well as the decoded payload of the token:

Access Token
{
  // 👇Decoded Access Token Payload
  "payload": {
    "aud": "e8f34b64-52d0-4c78-b9a9-012bcdac65d3",
    "authentication_method": "TRUSTED_DEVICE",
    "client_user_id": "1223",
    "exp": 1586238412,
    "iat": 1586234812,
    "iss": "https://www.cotter.app",
    "scope": "access",
    "sub": "USER:e09efb1b-e50f-41fd-8530-88ffbcd80f59",
    "type": "client_access_token"
  },
  
  // 👇Access Token String
  // Pass this to your server on the http request header
  // Authorization: Bearer <access_token>
  "token": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnRfdXNlcl9pZCI6IjEyMjMiLCJhdXRoZW50aWNhdGlvbl9tZXRob2QiOiJUUlVTVEVEX0RFVklDRSIsInR5cGUiOiJjbGllbnRfYWNjZXNzX3Rva2VuIiwic2NvcGUiOiJhY2Nlc3MiLCJhdWQiOiJlOGYzNGI2NC01MmQwLTRjNzgtYjlhOS0wMTJiY2RhYzY1ZDMiLCJleHAiOjE1ODYyMzg0MTIsImlhdCI6MTU4NjIzNDgxMiwiaXNzIjoiaHR0cHM6Ly93d3cuY290dGVyLmFwcCIsInN1YiI6IlVTRVI6ZTA5ZWZiMWItZTUwZi00MWZkLTg1MzAtODhmZmJjZDgwZjU5In0.qnY-iCpRxIyI03IPA7CHbB8JXeCNqGbM5F-mWQdAXGLlSriOH2pmmme-BoHup8i_Mgxtk48TKTW4HjL8WoZHPw"
}

Refreshing Tokens

Since Access Tokens and ID Tokens expires in 1 hour, Cotter's SDK automatically refresh the tokens whenever the access_token or id_token expires and there is a valid refresh_token present. This refresh happens when you call cotter.tokenHandler.getAccessToken()

The refresh_token expires every 30 days, so you would need to re-authenticate users when the refresh_token expires. If you're using Trusted Devices and the current device is a trusted device, re-authentication can be done silently by calling cotter.trustedDevice.requestAuth

Removing tokens from the Storage (Log Out)

To logout your users, you should remove all tokens from the storage. To do that:

const logOut = () => {
  cotter.tokenHandler.removeTokens();
};
Other SDKs (coming soon)

We'll add support for JS, Android and iOS soon 😉. Stay tuned!

Previous
Using HTTP Requests
Next - 🗝️ Getting Access Token
Renewing Expired Tokens
Last updated 3 months ago