public async Task <TokenModel> RefreshToken(UserModel userModel, TokenModel tokenModel) { var userRefreshTokens = await _refreshTokenRepository.GetByUser(userModel.Id); var selectedRefreshToken = userRefreshTokens.FirstOrDefault(x => x.Value == tokenModel.RefreshToken); if (selectedRefreshToken == null) { throw new SecurityTokenException("Invalid refresh token."); } if (selectedRefreshToken.ExpirationDate < DateTime.Now) { throw new SecurityTokenExpiredException("Refresh token has expired."); } var newToken = await GenerateAccessToken(userModel); var newRefreshToken = await GenerateRefreshToken(userModel.Id); var tokenResult = new TokenModel { Token = newToken, RefreshToken = newRefreshToken }; await _refreshTokenRepository.Delete(selectedRefreshToken.Id); await _refreshTokenRepository.SaveChanges(); return(tokenResult); }