public IActionResult Refresh(Token tokenApiModel)
{
if (tokenApiModel.AccessToken == null || tokenApiModel.RefreshToken == null)
{
return(BadRequest("Invalid client request"));
}
string accessToken = tokenApiModel.AccessToken;
string refreshToken = tokenApiModel.RefreshToken;
var principal = _tokenService.GetPrincipalFromExpiredToken(accessToken);
var username = principal.Identity.Name;
var user = _appDbContext.Logins.SingleOrDefault(u => u.FirstName == username);
if (user == null || user.RefreshToken != refreshToken || user.RefreshTokenExpiryTime <= DateTime.Now)
{
return(BadRequest("Invalid client request"));
}
var newAccessToken = _tokenService.GenerateAccessToken(principal.Claims);
var newRefreshToken = _tokenService.GenerateRefreshToken();
user.RefreshToken = newRefreshToken;
_appDbContext.SaveChanges();
return(new ObjectResult(new
{
accessToken = newAccessToken,
refreshToken = newRefreshToken
}));
}
