public async Task <JwtSecurityToken?> VerifyRefreshToken(string refreshToken) { //SignatureValidation var validationParameters = new TokenValidationParameters { ValidateLifetime = true, IssuerSigningKey = new SymmetricSecurityKey(_refreshSecret), ValidateAudience = false, ValidateIssuer = false }; var handler = new JwtSecurityTokenHandler(); handler.ValidateToken(refreshToken, validationParameters, out var validToken); // Signature validation failed if (!(validToken is JwtSecurityToken jwt)) { return(null); } var refreshKey = jwt.Claims.SingleOrDefault(c => c.Type == "refresh_key")?.Value; return(await _refreshTokenRepository.FindByKey(refreshKey ?? "") != null ? jwt : null); }