public IActionResult RequestToken(string userName, string password)
        {
            var userId = _profileRepository.GetUserIdByUserName(userName);

            if (userId == null || userId == Guid.Empty)
            {
                return(NotFound());
            }

            //hash pasword
            var salt         = _profileRepository.GetSaltByUserName(userName);
            var passwordHash = _authorizationManager.GeneratePasswordHash(password, salt);

            if (!_validateRepository.ValidateLogin(userName, passwordHash))
            {
                return(BadRequest("Could not verify username and password"));
            }

            var refreshToken = Convert.ToBase64String(Guid.NewGuid().ToByteArray());

            _validateRepository.SaveRefreshToken(userName, refreshToken);

            if (!_validateRepository.Save())
            {
                return(StatusCode(500, "There was a problem while handling your request."));
            }

            var token = _authorizationManager.GenerateToken(_key, userName, userId);

            return(Ok(new
            {
                token = new JwtSecurityTokenHandler().WriteToken(token),
                refreshToken
            }));
        }