public ActionResult Logout() { if (HttpContext.Request.Cookies["refreshToken"] == null) { return(BadRequest()); } string refreshToken = HttpContext.Request.Cookies["refreshToken"]; string bearer = HttpContext.Request.Headers["Authorization"]; string accessToken = (bearer == null) ? "" : bearer.Split(" ")[1]; // Blacklist the token in database and cache _service.BlacklistTokens(refreshToken, accessToken); return(Ok()); }