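/// <summary>
/// Exchanges the refresh token supplied in the request body for a new access/refresh token pair.
/// </summary>
/// <param name="request">Request body carrying the refresh token string.</param>
/// <returns>
/// 200 with a <see cref="LoginResult"/> holding the new tokens on success; 401 when the refresh
/// token is missing or blank, or when a <see cref="SecurityTokenException"/> is thrown while refreshing.
/// </returns>
public async Task<ActionResult> RefreshToken([FromBody] RefreshTokenRequest request)
{
    try
    {
        // NOTE(review): the name comes from the current principal; whether this action requires an
        // authenticated caller is decided by attributes that are not visible here. Confirm.
        var userName = User.Identity?.Name;

        // Pass the name as a template argument instead of interpolating it into the template:
        // the value becomes a structured field and cannot be mistaken for template syntax.
        // (A null name is rendered as "(null)" rather than an empty string.)
        _logger.LogInformation("User [{UserName}] is trying to refresh JWT token.", userName);

        // A missing or unbindable body can leave request null; treat that like a blank token
        // instead of failing with a NullReferenceException.
        if (string.IsNullOrWhiteSpace(request?.RefreshToken))
        {
            return Unauthorized();
        }

        // The access token is read from the "Bearer" authentication result of this request.
        // NOTE(review): it may be null when no token was saved; verify the auth manager rejects that.
        var accessToken = await HttpContext.GetTokenAsync("Bearer", "access_token");

        // NOTE(review): RefreshAsync is not awaited and its result is used directly, so it is
        // presumably synchronous despite its name. If it is ever made asynchronous it must be
        // awaited here so that SecurityTokenException still reaches the catch below.
        // NOTE(review): DateTime.Now is local time; confirm the auth manager compares expiry
        // against the same clock.
        var jwtResult = _jwtAuthManager.RefreshAsync(request.RefreshToken, accessToken, DateTime.Now);

        _logger.LogInformation("User [{UserName}] has refreshed JWT token.", userName);

        return Ok(new LoginResult
        {
            UserName = userName,
            Role = User.FindFirst(ClaimTypes.Role)?.Value ?? string.Empty,
            AccessToken = jwtResult.AccessToken,
            RefreshToken = jwtResult.RefreshToken.TokenString
        });
    }
    catch (SecurityTokenException e)
    {
        // Log the exception object, not just its text, so the stack trace is kept; the message
        // is passed as an argument so it is never parsed as a template.
        _logger.LogError(e, "{Message}", e.Message);

        // NOTE(review): the exception text is echoed in the 401 body. Confirm the messages thrown
        // during refresh do not reveal why validation failed; a generic body is the safer default.
        return Unauthorized(e.Message); // return 401 so that the client side can redirect the user to login page
    }
}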