/
Contact usSee pricingStart building
    Overview
    Changelog

    Pre-built UI

    StytchB2B
      Configuration
      Callbacks
    Admin Portal
      SSO
      Org Settings
      Member Management
      SCIM
    B2BIdentityProviderBeta
      Configuration
      UI Callbacks

    Headless

    Organizations
      Get Organization
      Get Organization by Slug
      Update Organization
      Delete Organization
    Members
      Get Member
      Create Member
      Update Member
      Search Members
      Delete Member
      Reactivate Member
      Delete Member Password
      Delete Member MFA Phone Number
      Delete Member MFA TOTP
      Unlink Retired Member Email
      Update Self
      Delete Self Password
      Delete Self MFA Phone Number
      Delete Self MFA TOTP
      Unlink Retired Self Email
      Update Member (Deprecated)
      Delete Member MFA Phone Number (Deprecated)
    RBAC
      Is Authorized
      Permissions
    Email Magic Links
      Login or Signup
      Invite
      Authenticate
      Send Discovery Email
      Authenticate Discovery Magic Link
    Email One-time Passcodes (OTPs)
      Login or Signup
      Authenticate OTP
      Send Discovery Email OTP
      Authenticate Discovery Email OTP
    OAuth
      Start OAuth Flow
      Google One Tap
      Authenticate
      Start Discovery OAuth Flow
      Discovery Authenticate
    Session Management
      Get Session
      Authenticate Session
      Revoke Session
      Update Session
      Exchange Session
      Get Tokens
      Revoke Sessions for Member
    SSO
      Start SSO Flow
      Authenticate
      Get SSO Connections
      Discover SSO Connections
      Delete SSO Connection
      Create SAML Connection
      Update SAML Connection
      Update SAML Connection by Metadata URL
      Delete Verification Certificate
      Create OIDC Connection
      Update OIDC Connection
      Create External Connection
      Update External Connection
    Discovery
      List Discovered Organizations
      Create Organization via Discovery
      Exchange Intermediate Session
    Passwords
      Authenticate
      Reset by Email Start
      Reset by Email
      Reset by Existing Password
      Reset by Session
      Strength Check

    • Discovery

        • Authenticate
        Reset by Email Start
        Reset by Email
    SCIM
      Create SCIM Connection
      Update SCIM Connection
      Delete SCIM Connection
      Get SCIM Connection
      SCIM Token Rotation Start
      SCIM Token Rotation Complete
      SCIM Token Rotation Cancel
      Get SCIM Connection Groups
    Multi-Factor Authentication

    • One-Time Passcodes

        • SMS Send
        SMS Authenticate

    • Time-Based One-Time Passcodes

        • TOTP Create
        TOTP Authenticate

    • Recovery Codes

        • Recovery Codes Recover
        Rotate Recovery Codes
        Get Recovery Codes
    Impersonation
      Authenticate

    More Resources

    Cookies & session management
    SWR & caching
    TypeScript
Get support on SlackVisit our developer forum

Contact us

B2B Saas Authentication

/

Frontend SDKs

/

Headless

/

Session Management

/

Get Tokens

Get tokens

Returns the session_token and session_jwt values associated with the logged-in user's active session.

Session tokens are only available if:

  • There is an active session, and
  • The session is not managed via HttpOnly cookies.

If either of these conditions is not met, getTokens will return null.

Note that the Stytch SDK stores the session_token and session_jwt values as session cookies in the user's browser. Those cookies will be automatically included in any request that your frontend makes to a service (such as your backend) that shares the domain set on the cookies, so in most cases, you will not need to explicitly retrieve the session_token and session_jwt values using the getTokens() method. However, we offer this method to serve some unique use cases where explicitly retrieving the tokens may be necessary.

import { useState } from 'react';
import { useStytchB2BClient } from '@stytch/react/b2b';
import { SessionTokens } from '@stytch/vanilla-js/b2b';

export const GetSessionTokens = () => {
  const stytch = useStytchB2BClient();
  const [sessionTokens, setSessionTokens] = useState<SessionTokens | null>(null);

  // Callback to retrieve session tokens on demand
  const handleGetTokens = () => {
    const tokens = stytch.session.getTokens();
    setSessionTokens(tokens);
  };

  return (
    <div>
      <button onClick={handleGetTokens}>Get Session Tokens</button>
      {sessionTokens && (
        <div>
          <p>Session Token: {sessionTokens.session_token}</p>
          <p>Session JWT: {sessionTokens.session_jwt}</p>
        </div>
      )}
    </div>
  );
};