Storing and Removing Tokens

OAuth Tokens should be stored securely in the client. 
Mobile apps: Use Android Keystore for Android and iOS KeyChain for iOS apps. 
Websites: Store the access_token in memory, the refresh_token is automatically included in an httpOnly and Secure cookie with domain cotter.app that is automatically included when requesting to refresh token. Learn more on how to store JWT tokens securely.​
Cotter's SDK generally handles token storage in your app.
SDK Support
Some of our SDKs handles storing the tokens for you:
JavaScript (from npm): Getting the Logged-in User and OAuth tokens​
React Native: Getting the Logged-in User and OAuth tokens​
Flutter: Getting the Logged-in User and OAuth tokens​
​

🗝️ Getting Access Token - Previous

Cotter's OAuth 2.0 Tokens Specification

Next - 🗝️ Getting Access Token

Renewing Expired Tokens

Last updated 2 weeks ago