private async Task <string> CreateRefreshToken(string clientId, string userName, Guid userId) { var refreshToken = Guid.NewGuid().ToString("n"); Logger.LogDebug($"Create refresh token for {userName}"); // hash refresh_token so session can't be hijacked var hashedToken = HashToken(refreshToken); var token = new RefreshToken { TokenHashed = hashedToken, ClientId = clientId, UserId = userId, UserName = userName, Issued = DateTimeOffset.UtcNow, Expires = DateTimeOffset.UtcNow.Add(_principalOptions.Value.RefreshExpire) }; await _dataContext.AddAsync(token).ConfigureAwait(false); await _dataContext.SaveChangesAsync().ConfigureAwait(false); return(refreshToken); }