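/// <summary>
/// Exchanges an expired access token plus its refresh token for a freshly issued token pair.
/// </summary>
/// <param name="model">
/// Client-supplied request: the expired access token (<c>token</c>), the refresh token
/// (<c>refreshToken</c>) and the <c>uniqueId</c> under which the refresh token was stored.
/// </param>
/// <returns>
/// 200 with <c>access_token</c>/<c>refresh_token</c> on success; 400 when the model is invalid;
/// 403 when the refresh token does not match or has expired, or when any step of the exchange fails.
/// </returns>
public async Task<IActionResult> RefreshToken(RefreshTokenViewModel model)
{
    try
    {
        if (!ModelState.IsValid)
        {
            return BadRequest();
        }

        // The access token is expected to be expired here; only its principal/claims are recovered from it.
        var principal = Util.GetPrincipalFromExpiredToken(model.token, _configuration);
        var username = principal?.Identity?.Name;
        if (string.IsNullOrEmpty(username))
        {
            return Forbid();
        }

        var user = await _userManager.FindByNameAsync(username);
        if (user is null)
        {
            return Forbid();
        }

        // uniqueId is client-supplied and the stored record is looked up by it alone.
        // NOTE(review): nothing in this block ties savedToken to `user`; confirm that
        // GetRefreshToken/SaveAccessToken enforce that binding so a stored refresh token
        // can only be exchanged for the principal it was issued to.
        var savedToken = _utilService.GetRefreshToken(model.uniqueId);
        if (savedToken?.RefreshToken is null || model.refreshToken is null)
        {
            return Forbid();
        }

        // Constant-time comparison: a plain != stops at the first differing character,
        // which leaks how much of a presented refresh token was correct.
        var expected = System.Text.Encoding.UTF8.GetBytes(savedToken.RefreshToken);
        var presented = System.Text.Encoding.UTF8.GetBytes(model.refreshToken);
        if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(expected, presented))
        {
            return Forbid();
        }

        // Compared in local time, as before; the stored expiry must have been written with the same clock.
        if (DateTime.Now > savedToken.RefreshTokenExpiryDate)
        {
            return Forbid();
        }

        var newJwtToken = Util.GenerateAccessToken(principal.Claims, _configuration).ToString();
        var newRefreshToken = Util.GenerateRefreshToken(_configuration);
        _utilService.SaveAccessToken(newJwtToken, newRefreshToken, model.uniqueId, user.Id);

        return Ok(new { access_token = newJwtToken, refresh_token = newRefreshToken });
    }
    catch (Exception)
    {
        // Fail closed: any failure in the exchange (malformed token, lookup error, etc.) is
        // reported as 403 without detail. No logger is in scope in this block to record the cause.
        return Forbid();
    }
}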