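/// <summary>
/// Exchanges an expired access token plus its refresh token for a new token pair,
/// rotating the stored refresh token in the process.
/// </summary>
/// <param name="refreshRequest">Request body carrying the expired access token and the refresh token.</param>
/// <returns>
/// 200 with the new <c>token</c> and <c>refreshToken</c>; 400 when the request is incomplete or the
/// refresh token does not match the stored one; 500 when rotating the tokens fails.
/// </returns>
public async Task<IActionResult> Refresh([FromBody] RefreshRequestModel refreshRequest)
{
    // Reject missing values up front. Without this, a null refresh token in the request would compare
    // equal to a null stored token (user with no active refresh token) and pass the check below.
    if (refreshRequest == null
        || string.IsNullOrEmpty(refreshRequest.Token)
        || string.IsNullOrEmpty(refreshRequest.RefreshToken))
    {
        return BadRequest("Invalid refresh token");
    }

    // NOTE(review): this call and the lookup below sit outside the try block, so anything they throw
    // (e.g. on a malformed or badly signed token) propagates to the framework - confirm that is intended.
    var principal = AccessTokenService.GetPrincipalFromExpiredToken(refreshRequest.Token);

    // A token without a usable identity cannot be tied to a stored refresh token.
    var userId = principal?.Identity?.Name;
    if (string.IsNullOrEmpty(userId))
    {
        return BadRequest("Invalid refresh token");
    }

    var savedRefreshToken = await AccessTokenService.GetRefreshTokenAsync(userId);

    // NOTE(review): string inequality is not a constant-time comparison; consider
    // CryptographicOperations.FixedTimeEquals over the encoded bytes if the target framework has it.
    if (savedRefreshToken != refreshRequest.RefreshToken)
    {
        return BadRequest("Invalid refresh token");
    }

    string newJwtToken = null;
    string newRefreshToken = null;

    try
    {
        newJwtToken = AccessTokenService.GenerateAccessToken(userId);
        newRefreshToken = AccessTokenService.GenerateRefreshToken();

        // Rotation: the presented refresh token is removed before the new one is stored.
        // NOTE(review): delete and save are separate calls; if the save fails after the delete the
        // user has no stored refresh token left - confirm whether the service can do this atomically.
        await AccessTokenService.DeleteRefreshTokenAsync(userId, refreshRequest.RefreshToken);
        await AccessTokenService.SaveRefreshTokenAsync(userId, newRefreshToken);
    }
    catch (Exception e)
    {
        // Constant message template: the exception text is attached via the exception argument and
        // must not be interpreted as a format string.
        Logger.LogError(e, "Refresh token rotation failed");
        return StatusCode(500);
    }

    return Ok(new { token = newJwtToken, refreshToken = newRefreshToken });
}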