Storing and Removing Tokens
OAuth Tokens should be stored securely in the client.
Mobile apps: Use Android Keystore for Android apps and iOS Keychain for iOS apps.
Websites: Store the access_token in memory. The refresh_token is kept in an httpOnly and Secure cookie with domain cotter.app, which is automatically included when requesting a token refresh. Learn more on how to store JWT tokens securely.
Cotter's SDK generally handles token storage in your app.
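For the website case above, the following is an added example, not code from Cotter's SDK: an in-memory access_token store that refreshes through the cookie-carried refresh_token and is cleared on logout. The refresh URL and the `{ access_token, expires_in }` response shape are assumptions, and `createTokenStore` is a hypothetical name.

```javascript
// Added example, not Cotter SDK code. REFRESH_URL is a placeholder and the
// response shape { access_token, expires_in } is an assumption.
const REFRESH_URL = "https://auth.example.invalid/token/refresh";

function createTokenStore(fetchImpl = globalThis.fetch, now = () => Date.now()) {
  // The access token lives only in this closure: never in localStorage,
  // sessionStorage or a script-readable cookie.
  let accessToken = null;
  let expiresAt = 0;   // epoch milliseconds
  let inflight = null; // shared promise: concurrent callers trigger one refresh
  let generation = 0;  // bumped by clear() so a late response cannot restore a token

  async function refresh() {
    const gen = generation;
    // credentials: "include" lets the browser attach the httpOnly, Secure
    // refresh_token cookie; page script never reads it.
    const res = await fetchImpl(REFRESH_URL, { method: "POST", credentials: "include" });
    if (!res.ok) {
      clear();
      throw new Error(`token refresh failed: ${res.status}`);
    }
    const body = await res.json();
    if (gen !== generation) throw new Error("logged out during refresh");
    accessToken = body.access_token;
    expiresAt = now() + body.expires_in * 1000;
    return accessToken;
  }

  async function getAccessToken(skewMs = 30000) {
    // Reuse the cached token until shortly before it expires.
    if (accessToken && now() < expiresAt - skewMs) return accessToken;
    if (!inflight) {
      const p = refresh().finally(() => { if (inflight === p) inflight = null; });
      inflight = p;
    }
    return inflight;
  }

  // Call on logout: drops the in-memory token and abandons any pending refresh.
  function clear() {
    accessToken = null;
    expiresAt = 0;
    inflight = null;
    generation++;
  }

  return { getAccessToken, clear };
}
```

Because the refresh_token cookie is httpOnly, `clear()` cannot remove it from script; ending the session also requires the server to expire that cookie.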
SDK Support
Some of our SDKs handle storing the tokens for you:
JavaScript (from npm): Getting the Logged-in User and OAuth tokens
React Native: Getting the Logged-in User and OAuth tokens
Flutter: Getting the Logged-in User and OAuth tokens