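/// <summary>
/// Issues a fresh access/refresh token pair for a caller whose access token has expired.
/// The expired access token is read from the <c>Authorization: Bearer …</c> header and the
/// refresh token from the <c>RefreshToken</c> header; the refresh token is checked against
/// the one stored for that user before both tokens are rotated and written back as cookies.
/// </summary>
/// <returns>
/// 200 with the new tokens set as cookies; 401 when either header is missing or the
/// Authorization scheme is not Bearer; 400 when the presented refresh token does not match
/// the stored one.
/// </returns>
public async Task<IActionResult> RefreshToken()
{
    const string bearerPrefix = "Bearer ";

    var authorization = HttpContext.Request.Headers["Authorization"].FirstOrDefault();
    var refreshToken = HttpContext.Request.Headers["RefreshToken"].FirstOrDefault();

    // Previously the header was blindly sliced with Remove(0, 7): any value shorter than
    // seven characters threw ArgumentOutOfRangeException (unhandled -> 500), and a
    // non-Bearer scheme was accepted as if it were one. Check the scheme explicitly.
    var token = authorization != null
                && authorization.StartsWith(bearerPrefix, StringComparison.OrdinalIgnoreCase)
        ? authorization.Substring(bearerPrefix.Length).Trim()
        : null;

    if (string.IsNullOrEmpty(token) || string.IsNullOrEmpty(refreshToken))
    {
        return Unauthorized(new ErrorDetails()
        {
            Message = "Credentials not provided for request",
            StatusCode = 401
        });
    }

    // GetUserIdFromExpiredToken is expected to validate the token's signature while
    // ignoring its expiry; NOTE(review): confirm that the provider still rejects a token
    // with a bad signature, otherwise any forged payload could name an arbitrary user.
    var userId = _tokenProvider.GetUserIdFromExpiredToken(token);

    if (!await _tokenService.CheckTokenIdentityAsync(userId, refreshToken))
    {
        return BadRequest("Refresh token for current user don't match with stored");
    }

    // Rotate: the old refresh token is replaced in the store so it cannot be replayed.
    var newToken = _tokenProvider.RefreshAccessToken(token, out var newRefreshToken);
    await _tokenService.UpdateRefreshTokenAsync(userId, newRefreshToken);

    // Both cookies share the same attributes; build them in one place.
    // Secure keeps the tokens off plaintext connections and SameSite=Strict stops them
    // being attached to cross-site requests. HttpOnly is deliberately NOT set here because
    // the client sends the access token back in the Authorization header, which implies
    // it reads these cookies from script; NOTE(review): if the client does not actually
    // need script access, add HttpOnly = true so an XSS cannot exfiltrate the tokens.
    CookieOptions TokenCookieOptions() => new CookieOptions
    {
        MaxAge = TimeSpan.FromMinutes(60),
        Secure = true,
        SameSite = SameSiteMode.Strict
    };

    HttpContext.Response.Cookies.Append(".AspNetCore.Application.Id", newToken, TokenCookieOptions());
    HttpContext.Response.Cookies.Append(".AspNetCore.Application.Cre", newRefreshToken, TokenCookieOptions());

    // Log only the user id, never the token values themselves.
    _logger.Log(LogLevel.Debug, $"user {userId} refreshed tokens");

    return Ok();
}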