# Getting Access Token and Logged-In User Info

{% hint style="warning" %}
The following guide only works with [Cotter's NPM package](https://www.npmjs.com/package/cotter) that can be installed using:

```markup
yarn add cotter

<!-- or -->

npm i cotter --save

<!-- or -->

<script
    src="https://unpkg.com/cotter@0.3.17/dist/cotter.min.js"
    type="text/javascript"
></script>
```

This feature is **not supported** on imports using

```markup
<script src="https://js.cotter.app/lib/cotter.js" type="text/javascript"></script>
```

{% endhint %}

## Get Access Token

After the user authenticates, the SDK automatically stores the access token and refresh token for you. To get the access token:

```javascript
var cotter = new Cotter(API_KEY_ID)
cotter.tokenHandler.getAccessToken().then(tok => {
  console.log(tok)
})
```

This function **automatically refreshes the access token if it's expired.** The returned access token is a [CotterAccessToken](https://github.com/cotterapp/cotter-token-js#cotteraccesstoken) object, which contains both the token string and the decoded token.

## Get Logged-in User

After the user authenticates, the SDK automatically stores the user information. To get that information:

```javascript
var cotter = new Cotter(API_KEY_ID)
var user = cotter.getLoggedInUser()
console.log(user)
```

## Log Out

To log out and remove this data, do the following:

```javascript
var cotter = new Cotter(API_KEY_ID)
await cotter.logOut()
```

## Update Refresh Token (for Custom Claims)

`version >= 0.3.24`

If you used this [API to get custom claims](https://docs.cotter.app/api-reference/oauth-tokens-api/requesting-custom-claims-on-your-access-token) and received a new `refresh_token`, you can update the refresh token stored in the user's browser by calling this method:

```javascript
var cotter = new Cotter(API_KEY_ID)
const resp = await cotter.tokenHandler.updateTokensWithRefreshToken(newRefreshTok)

console.log(resp)
// resp (the payload segment of each JWT is elided here):
// {
//    "access_token": "eyJhbGciOiJFUzI1NiIsImtpZCI6IlNQQUNFX0pXVF9QVUJMSUM6ODAyOEFBQTMtRUMyRC00QkFBLUJFN0EtN0M4MzU5Q0NCOUY5IiwidHlwIjoiSldUIn0.....l5jEBYQnbkPQsahBQSmQhOx4DZhto5UIXVTMm3ODcuYTxQOHdWvc2tmlslvUM6huRO5j4d1VCzh9UFpA4zGqTQ",
//    "id_token": "eyJhbGciOiJFUzI1NiIsImtpZCI6IlNQQUNFX0pXVF9QVUJMSUM6ODAyOEFBQTMtRUMyRC00QkFBLUJFN0EtN0M4MzU5Q0NCOUY5IiwidHlwIjoiSldUIn0.....PZmaMOjEySln6ujOLeCwYc8Gn2QX4r6cgvt2DnJPJ67cOEBvOWLBc28wgnGGIFq3PIpIAtkg3z2Sv6PfZSodeQ",
//    "refresh_token": "75063:kisZxVuaTy9LrkzmzXTrmtV1dH7ACYJ951GR99fV86n1CTIOMB",
//    "expires_in": 3600,
//    "token_type": "Bearer",
//    "auth_method": "OTP"
// }
```

After calling this method, it will automatically update all the `access_token`, `id_token` and `refresh_token` with the new value.

**This means, when you call `cotter.tokenHandler.getAccessToken()` next, you'll get an access token that has all the custom attributes.**

{% hint style="info" %}
Access tokens and ID tokens that are generated using this refresh token and [subsequently returned refresh tokens](https://docs.cotter.app/api-reference/oauth-tokens-api#refresh-token-rotation) will always have the custom claims.

**New logins will not have the custom claims** because we don't attach the custom claims to the user itself.
{% endhint %}
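A client-side sanity check on the response of `updateTokensWithRefreshToken`, confirming that the new access token is unexpired and carries the custom claims you requested. This is an added example, not Cotter SDK code: `decodeSegment`, `checkTokenResponse`, `makeSampleToken` and the claim names `plan` and `team_id` are hypothetical, and the sample token is constructed.

```javascript
// Decode one base64url JWT segment to an object (browser or Node 16+).
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
  const obj = JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
  if (obj === null || typeof obj !== "object") throw new Error("not an object");
  return obj;
}

// resp: object shaped like the response shown above; nowSec: epoch seconds.
// requiredClaims: hypothetical custom claim names your backend requested.
function checkTokenResponse(resp, requiredClaims, nowSec) {
  const parts = String(resp.access_token || "").split(".");
  if (parts.length !== 3) {
    return { ok: false, problems: ["access_token is not a JWT"] };
  }
  let header, payload;
  try {
    // Decoding only; signature verification stays on the backend.
    header = decodeSegment(parts[0]);
    payload = decodeSegment(parts[1]);
  } catch (e) {
    return { ok: false, problems: ["access_token segments do not decode"] };
  }
  const problems = [];
  if (resp.token_type !== "Bearer") problems.push("unexpected token_type");
  // ES256 is the alg in the header of the sample tokens on this page.
  if (header.alg !== "ES256") problems.push("unexpected alg: " + header.alg);
  if (typeof payload.exp !== "number" || payload.exp <= nowSec) {
    problems.push("token expired or missing exp");
  }
  for (const name of requiredClaims) {
    if (!(name in payload)) problems.push("missing custom claim: " + name);
  }
  return { ok: problems.length === 0, problems, payload };
}

// Constructed sample, not a real Cotter token: the signature is a placeholder.
function makeSampleToken(payload) {
  const enc = (o) => btoa(JSON.stringify(o))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return enc({ alg: "ES256", typ: "JWT" }) + "." + enc(payload) + ".sig";
}

const sampleResp = {
  access_token: makeSampleToken({ sub: "user-123", exp: 2000000000, plan: "pro" }),
  expires_in: 3600,
  token_type: "Bearer",
};
console.log(checkTokenResponse(sampleResp, ["team_id"], 1700000000).problems);
```

In the browser, pass the `resp` returned by `updateTokensWithRefreshToken` and `Math.floor(Date.now() / 1000)` as `nowSec`.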

## OAuth Token Specification

{% content-ref url="../../getting-access-token/handling-authentication-with-cotter" %}
[handling-authentication-with-cotter](https://docs.cotter.app/getting-access-token/handling-authentication-with-cotter)
{% endcontent-ref %}
