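/// <summary>
/// Scenario 1: issues an access token for the password grant (client id/secret plus
/// username/password).
/// </summary>
/// <param name="parameters">
/// Request values; this method reads <c>client_id</c>, <c>client_secret</c>,
/// <c>username</c> and <c>password</c>.
/// </param>
/// <returns>
/// Code "999" with the value built by <c>GetJwt</c> when the refresh token was stored,
/// "902" when the credentials do not match a known user (or no parameters were supplied),
/// and "909" when the refresh token could not be stored.
/// </returns>
private async Task<ResponseData> DoPasswordAsync(Parameters parameters)
{
    // A missing request object is answered like any other failed login instead of
    // surfacing a NullReferenceException from the lookup below.
    if (parameters == null)
    {
        return new ResponseData
        {
            Code = "902",
            Message = "Invalid user infomation",
            Data = null
        };
    }

    // All four values must match the same record. SingleOrDefault throws
    // InvalidOperationException if more than one record matches.
    // NOTE(review): the client secret and password are compared with ==, which implies the
    // user store holds them in a directly comparable form - presumably plaintext; confirm.
    // A production store should keep a salted password hash (e.g. PBKDF2) and verify it
    // with a fixed-time comparison.
    var user = UserInfo.GetAllUsers().SingleOrDefault(x =>
        x.ClientId == parameters.client_id
        && x.ClientSecret == parameters.client_secret
        && x.UserName == parameters.username
        && x.Password == parameters.password);

    if (user == null)
    {
        // One response for every mismatch, so the reply does not tell the caller which
        // of the four fields was wrong.
        return new ResponseData
        {
            Code = "902",
            Message = "Invalid user infomation",
            Data = null
        };
    }

    // The refresh token is a bearer credential, so it is drawn from the cryptographic RNG.
    // Guid.NewGuid() only promises uniqueness, not unpredictability. The format is kept:
    // 32 lowercase hex characters, as Guid.ToString() without dashes produced.
    var tokenBytes = new byte[16];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(tokenBytes);
    }

    var refresh_token = System.BitConverter.ToString(tokenBytes).Replace("-", "").ToLowerInvariant();

    var token = new RefreshToken
    {
        ClientId = parameters.client_id,
        Token = refresh_token,
        // Record identifier only, not a secret, so a GUID is sufficient here.
        Id = Guid.NewGuid().ToString(),
        IsStop = 0,
        UserName = user.UserName
    };

    // Persist the refresh token before handing anything back to the caller.
    if (await _tokenRepository.AddTokenAsync(token))
    {
        return new ResponseData
        {
            Code = "999",
            Message = "Ok",
            Data = GetJwt(parameters.client_id, user.UserName, refresh_token, _settings.Value.ExpireMinutes)
        };
    }

    return new ResponseData
    {
        Code = "909",
        Message = "Cannot add token to database",
        Data = null
    };
}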