# Getting OAuth Tokens

When a user successfully logged-in, Cotter will generate an `access_token` , an `id_token` , and a `refresh_token` [that you can use in your backend API](https://blog.cotter.app/passwordless-login-with-email-and-json-web-token-jwt-authentication-with-nextjs/). 

The SDK automatically stores these tokens in the device's secure storage.

#### Getting The Tokens

```dart
Cotter cotter = new Cotter(apiKeyID: API_KEY_ID);
try {
  var accessToken = await cotter.getAccessToken();
  var idToken = await cotter.getIDToken();
  var refreshToken = await cotter.getRefreshToken();
} catch (e) {
  print(e);
}
```

This function will automatically refresh the `access_token` and `id_token` if it's expired.

## OAuth Token Specification

{% content-ref url="../../getting-access-token/handling-authentication-with-cotter" %}
[handling-authentication-with-cotter](https://docs.cotter.app/getting-access-token/handling-authentication-with-cotter)
{% endcontent-ref %}