public void ValidateRefreshToken(string token) { var key = new byte[64]; var decrypted = cs.DecryptAES(token, key); if (" here should be a refresh token from DB " != decrypted) // TODO: Implement { throw new Exception("Refresh token is invalid."); } }