Storing and Removing Tokens
Last updated
Last updated
OAuth Tokens should be stored securely in the client.
Mobile apps: Use for Android and for iOS apps.
Websites: Store the access_token
in memory, the refresh_token
is automatically included in an httpOnly
and Secure
cookie with domain cotter.app
that is automatically included when requesting to refresh token.
Cotter's SDK generally handles token storage in your app.
Some of our SDKs handles storing the tokens for you:
JavaScript (from npm):
React Native:
Flutter: and