Esempio n. 1
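        /// <summary>
        /// Exchanges an access-token/refresh-token pair for a freshly issued pair.
        /// The presented refresh token is consumed (deleted) and replaced by a new one,
        /// so a given refresh token is accepted at most once.
        /// </summary>
        /// <param name="dto">
        /// Carries the access token, the refresh token and the signing key that is used to
        /// read the user id out of the access token.
        /// NOTE(review): the signing key is read from the DTO itself — confirm it is set
        /// server-side and never bound from the request body, otherwise the access-token
        /// check is only as strong as whatever key the caller supplies.
        /// </param>
        /// <returns>A new <see cref="AccessTokenDTO"/> holding the new JWT and the new refresh token.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="dto"/> is null.</exception>
        /// <exception cref="NotFoundException">No user matches the id carried by the access token.</exception>
        /// <exception cref="InvalidTokenException">The refresh token is unknown, or is not bound to that user.</exception>
        /// <exception cref="ExpiredRefreshTokenException">The stored refresh token reports <c>IsActive == false</c>.</exception>
        public async Task<AccessTokenDTO> RefreshToken(RefreshTokenDTO dto)
        {
            if (dto is null)
            {
                throw new ArgumentNullException(nameof(dto));
            }

            var userId     = _jwtFactory.GetUserIdFromToken(dto.AccessToken, dto.SigningKey);
            var userEntity = await _context.Users.FindAsync(userId);

            if (userEntity is null)
            {
                throw new NotFoundException(nameof(User), userId);
            }

            // The refresh token must be the one issued to the same user the access token names;
            // a refresh token presented alongside someone else's access token is rejected as invalid.
            // NOTE(review): the lookup matches the raw token value — if tokens are persisted
            // unhashed, the table is a direct credential store; verify how RefreshToken.Token is stored.
            var storedToken = await _context.RefreshTokens.FirstOrDefaultAsync(t => t.Token == dto.RefreshToken && t.UserId == userId);

            if (storedToken is null)
            {
                throw new InvalidTokenException("refresh");
            }

            if (!storedToken.IsActive)
            {
                throw new ExpiredRefreshTokenException();
            }

            var jwtToken     = await _jwtFactory.GenerateAccessToken(userEntity.Id, userEntity.UserName, userEntity.Email);
            var refreshToken = _jwtFactory.GenerateRefreshToken();

            // Rotation: the consumed token is removed and its replacement added in the same
            // SaveChanges call, so a later replay of the old value lands in the "invalid" branch
            // above (barring two concurrent refreshes that both read the row before either commits).
            _context.RefreshTokens.Remove(storedToken);
            _context.RefreshTokens.Add(new RefreshToken
            {
                Token  = refreshToken,
                UserId = userEntity.Id
            });

            await _context.SaveChangesAsync();

            return new AccessTokenDTO(jwtToken, refreshToken);
        }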