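/// <summary>
/// Exchanges an access token / refresh token pair for a freshly issued pair,
/// rotating the stored refresh token for the user named in the access token.
/// </summary>
/// <param name="accessToken">
/// The pair presented by the client: <c>Token</c> is the JWT and
/// <c>RefreshToken</c> is the refresh token issued with it.
/// </param>
/// <returns>A new <see cref="AccessTokenDto"/> holding the new JWT and the new refresh token.</returns>
/// <exception cref="SecurityTokenException">
/// Thrown when no refresh token is stored for the user, or when the stored one
/// does not match the one presented.
/// </exception>
public async Task<AccessTokenDto> RefreshAccessTokenAsync(AccessTokenDto accessToken)
{
    // NOTE(review): the helper name suggests lifetime validation is skipped here;
    // confirm it still validates signature, issuer, audience and algorithm.
    var principal = GetPrincipalFromExpiredToken(accessToken.Token);

    // The user id is taken from the token's name claim, so it is only as
    // trustworthy as the validation done by the helper above.
    var userId = new Guid(principal.Identity.Name);

    var savedRefreshToken = await _refreshTokenRepository.GetByUserIdOrDefaultAsync(userId);

    // The "OrDefault" lookup can come back empty (user never logged in, token
    // already revoked). Treat that exactly like a mismatch so the caller gets a
    // SecurityTokenException instead of a NullReferenceException, and so the
    // response does not reveal which of the two cases occurred.
    // NOTE(review): this is an ordinary string comparison; if refresh tokens are
    // compared as secrets, consider a fixed-time comparison.
    if (savedRefreshToken == null || savedRefreshToken.Token != accessToken.RefreshToken)
    {
        throw new SecurityTokenException($"Invalid refresh token for user with id {userId}");
    }

    var newJwtToken = GenerateJwtToken(principal.Claims);
    var newRefreshToken = GenerateRefreshToken();

    // Rotate: the presented refresh token is removed and replaced, so it cannot
    // be used again once the save below has completed.
    _refreshTokenRepository.Delete(savedRefreshToken);
    _refreshTokenRepository.Create(new RefreshToken
    {
        Token = newRefreshToken,
        UserId = userId
    });

    // Delete and Create are persisted together by this single save call.
    await _saveProvider.SaveAsync();

    return new AccessTokenDto
    {
        RefreshToken = newRefreshToken,
        Token = newJwtToken
    };
}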