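/// <summary>
/// Exchanges an expired access token plus its paired refresh token for a fresh pair.
/// The refresh token presented by the client is consumed (deleted) and replaced.
/// </summary>
/// <param name="refreshRequest">Expired access token (<c>Token</c>) and the refresh token issued with it.</param>
/// <returns>
/// 200 with <c>{ token, refreshToken }</c> on success; 400 when the request is incomplete, the
/// access token yields no user, or the refresh token does not match the stored one; 500 when
/// token generation or storage fails.
/// </returns>
public async Task<IActionResult> Refresh([FromBody] RefreshRequestModel refreshRequest)
{
    // Both halves are required: the expired access token identifies the user, the
    // refresh token proves the caller is still entitled to a new session.
    if (refreshRequest == null
        || string.IsNullOrEmpty(refreshRequest.Token)
        || string.IsNullOrEmpty(refreshRequest.RefreshToken))
    {
        return BadRequest("Invalid refresh token");
    }

    // NOTE(review): a malformed/forged Token may make GetPrincipalFromExpiredToken throw
    // rather than return null; that exception propagates to the framework's handler — confirm
    // whether a 400 is preferable there.
    var principal = AccessTokenService.GetPrincipalFromExpiredToken(refreshRequest.Token);
    var userId = principal?.Identity?.Name;
    if (string.IsNullOrEmpty(userId))
    {
        return BadRequest("Invalid refresh token");
    }

    var savedRefreshToken = await AccessTokenService.GetRefreshTokenAsync(userId);
    // A missing stored token (e.g. after logout/revocation) must never match. The previous
    // `savedRefreshToken != refreshRequest.RefreshToken` check accepted null == null, which let
    // an expired access token alone obtain a new session.
    if (string.IsNullOrEmpty(savedRefreshToken))
    {
        return BadRequest("Invalid refresh token");
    }

    // Refresh tokens are secrets: compare in constant time so response timing does not
    // depend on how many leading characters the guess got right.
    var expectedBytes = System.Text.Encoding.UTF8.GetBytes(savedRefreshToken);
    var presentedBytes = System.Text.Encoding.UTF8.GetBytes(refreshRequest.RefreshToken);
    if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(expectedBytes, presentedBytes))
    {
        return BadRequest("Invalid refresh token");
    }

    string newJwtToken;
    string newRefreshToken;
    try
    {
        newJwtToken = AccessTokenService.GenerateAccessToken(userId);
        newRefreshToken = AccessTokenService.GenerateRefreshToken();
        // Rotation: the presented token is removed before its replacement is stored.
        // NOTE(review): there is no transaction here — if SaveRefreshTokenAsync fails after
        // the delete, the user has no valid refresh token and must authenticate again.
        await AccessTokenService.DeleteRefreshTokenAsync(userId, refreshRequest.RefreshToken);
        await AccessTokenService.SaveRefreshTokenAsync(userId, newRefreshToken);
    }
    catch (Exception e)
    {
        Logger.LogError(e, e.Message);
        return StatusCode(500);
    }

    return Ok(new { token = newJwtToken, refreshToken = newRefreshToken });
}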
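/// <summary>
/// Verifies a username/password pair and, on success, issues an access token and a refresh
/// token, persisting the refresh token for the user.
/// </summary>
/// <param name="model">Credentials supplied by the client.</param>
/// <returns>
/// 200 with <c>{ id, username, token, refreshToken }</c>; 400 when the body is missing, the
/// credentials are rejected, or the service raises an <see cref="ArgumentException"/>;
/// 500 on any other failure.
/// </returns>
public async Task<IActionResult> Authenticate([FromBody] AuthenticationRequestModel model)
{
    // A missing body previously dereferenced null (500); report it as a client error instead.
    if (model == null)
    {
        return BadRequest(new { message = "Username or password is incorrect" });
    }

    User user;
    string tokenString;
    string refreshToken;
    try
    {
        user = await UserService.AuthenticateAsync(model.Username, model.Password);
        if (user == null)
        {
            // One message for both "unknown user" and "wrong password" so the response
            // does not reveal which usernames exist.
            return BadRequest(new { message = "Username or password is incorrect" });
        }

        var userId = user.Id.ToString();
        tokenString = AccessTokenService.GenerateAccessToken(userId);
        refreshToken = AccessTokenService.GenerateRefreshToken();
        // NOTE(review): whether this replaces or adds to any refresh token already stored
        // for the user is decided by the service; Refresh reads back a single token.
        await AccessTokenService.SaveRefreshTokenAsync(userId, refreshToken);
    }
    catch (ArgumentException e)
    {
        // Input validation failures raised by the service are passed through to the caller.
        return BadRequest(e.Message);
    }
    catch (Exception e)
    {
        // The bare `catch { }` this replaces discarded the exception; log it so failures
        // during login are diagnosable, matching Refresh's handling.
        Logger.LogError(e, e.Message);
        return StatusCode(500);
    }

    return Ok(new
    {
        id = user.Id,
        username = user.Username,
        token = tokenString,
        refreshToken = refreshToken,
    });
}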