/// <summary>
/// Checks an email/password pair and, on success, issues a JWT together with a
/// new refresh token that is stored on the account.
/// </summary>
/// <param name="model">Login request; its Email and Password are read here without a null check on <paramref name="model"/> itself.</param>
/// <param name="ipAddress">Caller address, handed unchanged to the refresh-token generator.</param>
/// <returns>The response built from the account, carrying the JWT and the refresh token string.</returns>
/// <exception cref="JwtAppException">
/// Raised with one fixed message when the account is not found, is not verified,
/// or the password does not verify, so the message does not reveal which check failed.
/// </exception>
public async Task<AuthenticateResponse> AuthenticateAsync(AuthenticateRequest model, string ipAddress)
{
    var account = await jwtUserService.GetByEmailAsync(model.Email);

    // Evaluation order is deliberate: the password is only verified for an
    // existing, verified account.
    // NOTE(review): because Verify is skipped when the lookup fails, the failure
    // path may take less time for unknown emails than for known ones; confirm
    // whether that timing difference matters for account enumeration.
    bool credentialsAccepted = account != null
        && account.IsVerified
        && passwordService.Verify(model.Password, account.PasswordHash);

    if (!credentialsAccepted)
    {
        throw new JwtAppException("Email or password is incorrect");
    }

    // Credentials accepted: mint the access token first, then the refresh token.
    var accessToken = tokenService.GenerateJwtToken(account);
    var issuedRefreshToken = tokenService.GenerateRefreshToken(ipAddress);

    // An account may not have a refresh-token collection yet.
    if (account.RefreshTokens == null)
    {
        account.RefreshTokens = new List<RefreshToken>();
    }

    // Persist the new refresh token with the account.
    // NOTE(review): this method only appends; confirm that expired or revoked
    // refresh tokens are pruned elsewhere so the stored list stays bounded.
    account.RefreshTokens.Add(issuedRefreshToken);
    await jwtUserService.UpdateAsync(account.Id, account);

    AuthenticateResponse result = convertService.UserToAuthenticateResponse(account);
    result.JwtToken = accessToken;
    result.RefreshToken = issuedRefreshToken.Token;

    return result;
}