public IActionResult GetNewTokens(Guid id, string ip, string userAgent) { var user = _userService.Get(id); var token = _cookieService.Extract(HttpContext, AuthOptions.REFRESH_TOKEN_COOKIE); var isVerified = _tokenService.VerifyRefreshToken(user, token); if (isVerified) { var identity = _accountService.GetIdentity(user); var tokens = _accountService.GetNewTokenPair(user, identity, token); _cookieService.RemoveCookie(HttpContext, AuthOptions.REFRESH_TOKEN_COOKIE); _cookieService.SetCookie(HttpContext, AuthOptions.REFRESH_TOKEN_COOKIE, tokens.RefreshToken); return(Ok(tokens.AccessToken)); } else { return(Forbid()); } }