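/// <summary>
/// Exchanges a stored refresh token for a new JWT and a new refresh token,
/// then replaces the old token record with the new one.
/// </summary>
/// <param name="tokenDto">
/// Client-supplied refresh token and device id. Both values are untrusted input.
/// </param>
/// <returns>
/// A response wrapping the newly issued tokens, or an error response when the
/// refresh token is missing, unknown, expired or revoked, or when no identity
/// or user can be resolved for the stored user name.
/// </returns>
public async Task<DataTransferObject<LoginResponseDTO>> RefreshToken(AuthStoreDTO tokenDto)
{
    // Reject a missing token before it reaches the filter. How FilterRequest handles
    // a null or empty filter value is not visible here; if it drops the filter, the
    // lookup below would return an arbitrary stored token instead of none.
    if (tokenDto == null || string.IsNullOrWhiteSpace(tokenDto.RefreshToken))
    {
        return ErrorResponseHelper.CreateErrorResponse<LoginResponseDTO>(ErrorStrings.InvalidRefreshToken);
    }

    var queryParams = new Dictionary<string, string>
    {
        { "filter.RefreshToken", tokenDto.RefreshToken }
    };
    var jsonApiRequest = FilterRequest.GetRequest(queryParams);

    // NOTE(review): confirm "filter.RefreshToken" is an exact, case-sensitive match.
    // A prefix or contains match would let a partial token select a stored record.
    var existingToken = (await _repository.GetAll(jsonApiRequest)).FirstOrDefault();

    if (existingToken == null)
    {
        return ErrorResponseHelper.CreateErrorResponse<LoginResponseDTO>(ErrorStrings.InvalidRefreshToken);
    }

    if (existingToken.RefreshTokenExpiry <= DateTime.UtcNow)
    {
        return ErrorResponseHelper.CreateErrorResponse<LoginResponseDTO>(ErrorStrings.RefreshTokenExpired);
    }

    if (existingToken.IsRevoked)
    {
        return ErrorResponseHelper.CreateErrorResponse<LoginResponseDTO>(ErrorStrings.TokenAlreadyRevoked);
    }

    // The identity is built from the device id stored with the token.
    var identity = await GetClaimsIdentity(existingToken.UserName, existingToken.DeviceId);
    if (identity == null)
    {
        return ErrorResponseHelper.CreateErrorResponse<LoginResponseDTO>(ErrorStrings.InvalidRefreshToken);
    }

    // NOTE(review): the JWT and the new AuthStore row take the device id from the
    // request, while the identity above uses the stored one. tokenDto.DeviceId is never
    // compared with existingToken.DeviceId, so the token is not bound to the device it
    // was issued to. If device binding is intended, reject a mismatch before this point.
    var jwt = await Token.GenerateJwt(identity, _jwtFactory, existingToken.UserName, tokenDto.DeviceId, _jwtOptions);

    var appUser = await userIdentityManager.FindByNameAsync(existingToken.UserName);
    if (appUser == null)
    {
        // The user no longer resolves; do not issue a refresh token for a null user.
        return ErrorResponseHelper.CreateErrorResponse<LoginResponseDTO>(ErrorStrings.InvalidRefreshToken);
    }

    var refreshToken = GetRefreshToken(appUser);
    var refreshTokenExpiry = _refreshTokenConfig.RefreshTokenExpiry;
    jwt.RefreshToken = refreshToken;

    // Rotation: store the new token, then delete the one just presented so it cannot be
    // reused. NOTE(review): the read uses _repository and the write uses this.Repository;
    // confirm both share one context so SaveContext() persists the create and the delete together.
    await this.Repository.Create(new AuthStore()
    {
        Token = jwt.AuthToken,
        RefreshToken = refreshToken,
        RefreshTokenExpiry = refreshTokenExpiry,
        UserName = existingToken.UserName,
        DeviceId = tokenDto.DeviceId,
        IsRevoked = false
    });
    await DeleteAsync(existingToken.Id);
    await SaveContext();

    return new DataTransferObject<LoginResponseDTO>(jwt);
}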