public async Task <AuthResponse> LoginAsync(TokenExchangeRequest request) { var user = await _userManager.FindByEmailAsync(request.Email); if (user == null) { return(new AuthResponse() { Message = $"No Accounts Registered with {request.Email}.", }); } // Only allow login if email is confirmed if (!user.EmailConfirmed) { return(new AuthResponse() { Message = $"Current email {request.Email} is not confirmed.", }); } // Used as user lock if (user.LockoutEnd != null && user.LockoutEnd >= DateTimeOffset.UtcNow) { return(new AuthResponse() { Message = $"This account has been locked.", }); } if (!await _userManager.CheckPasswordAsync(user, request.Password)) { return(new AuthResponse() { Message = $"Incorrect Credentials for user {user.Email}.", }); } var jwtSecurityToken = await _jwtFactory.GenerateEncodedAccessToken(user); var activeRefreshToken = user.RefreshTokens.FirstOrDefault(e => e.IsActive); if (activeRefreshToken != null) { return(new AuthResponse() { RefreshToken = activeRefreshToken !.Token, ExpiredAt = (activeRefreshToken.Expires - DateTimeOffset.UtcNow).Seconds, Token = jwtSecurityToken.Token, });