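/// <summary>
/// Exchanges an expired access token plus its refresh token for a freshly issued pair.
/// </summary>
/// <param name="tokenApiModel">
/// Access/refresh token pair supplied by the client. Untrusted input: may be null
/// (missing body) or carry null members.
/// </param>
/// <returns>
/// 200 with <c>{ accessToken, refreshToken }</c> on success; 400 with
/// "Invalid client request" when the request is malformed, no principal can be
/// recovered from the access token, no matching login exists, the presented refresh
/// token differs from the stored one, or the stored refresh token has expired.
/// </returns>
public IActionResult Refresh(Token tokenApiModel)
{
    // A missing request body binds as null; reject it before dereferencing anything.
    if (tokenApiModel is null || tokenApiModel.AccessToken is null || tokenApiModel.RefreshToken is null)
    {
        return BadRequest("Invalid client request");
    }

    string accessToken = tokenApiModel.AccessToken;
    string refreshToken = tokenApiModel.RefreshToken;

    // NOTE(review): whether GetPrincipalFromExpiredToken returns null or throws on a
    // malformed/forged token depends on the service; the null case is mapped to 400 here.
    var principal = _tokenService.GetPrincipalFromExpiredToken(accessToken);
    var username = principal?.Identity?.Name;
    if (principal is null || username is null)
    {
        return BadRequest("Invalid client request");
    }

    // NOTE(review): the principal's name is matched against FirstName, which is unlikely
    // to be unique; SingleOrDefault throws when two logins share a first name. Confirm
    // that the name claim really maps to the FirstName column.
    var user = _appDbContext.Logins.SingleOrDefault(u => u.FirstName == username);

    // NOTE(review): the expiry check uses server-local time (DateTime.Now); if the expiry
    // was stored as UTC when the token was issued, this is off by the server's UTC offset.
    if (user is null
        || user.RefreshToken is null
        || !RefreshTokensMatch(user.RefreshToken, refreshToken)
        || user.RefreshTokenExpiryTime <= DateTime.Now)
    {
        return BadRequest("Invalid client request");
    }

    var newAccessToken = _tokenService.GenerateAccessToken(principal.Claims);
    var newRefreshToken = _tokenService.GenerateRefreshToken();

    // Rotate the refresh token so the one just presented cannot be replayed.
    // NOTE(review): RefreshTokenExpiryTime is not updated here, so the new refresh token
    // inherits the previous absolute expiry — confirm this is the intended lifetime policy.
    user.RefreshToken = newRefreshToken;
    _appDbContext.SaveChanges();

    return new ObjectResult(new { accessToken = newAccessToken, refreshToken = newRefreshToken });

    // Constant-time comparison so the stored refresh token cannot be probed via
    // response timing; FixedTimeEquals returns false on a length mismatch.
    bool RefreshTokensMatch(string stored, string presented)
    {
        var storedBytes = System.Text.Encoding.UTF8.GetBytes(stored);
        var presentedBytes = System.Text.Encoding.UTF8.GetBytes(presented);
        return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(storedBytes, presentedBytes);
    }
}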