If it does, the session flow is as follows (at a high level): - You will want to save the access and refresh tokens in the cookie store on login. - For each API request, you will need to send the access token as a cookie. This should ideally happen automatically. - Once the access token expires (you get a 401 response from an API). You will need to use the refresh token to call the refresh API (again, the refresh token cookie will go automatically since its path matches the refresh API's path). - If the refresh is successful, you will have a new access token and call call the original API again. Else, your session has expired and the user will need to login again. The above is a very high level flow. There are locking related nuances that you will have to consider whilst calling the refresh API to prevent false negatives alerts of token theft. I suggest that you see our react native SDK's source code and try and copy that as much as possible. If you do end up making it, then we would appreciate a PR to support flutter 🙂 React native SDK's code: https://github.com/supertokens/supertokens-react-native