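/// <summary>
/// Revokes the refresh token carried in the caller's cookies and expires both
/// the <c>accessToken</c> and <c>refreshToken</c> cookies.
/// </summary>
/// <remarks>
/// The access token is only decoded here; its signature and lifetime are NOT
/// validated, so the <c>unique_name</c> claim is untrusted input. It is used
/// solely to scope the lookup: a stored token is removed only when the
/// refresh-token cookie value also matches one of that user's stored tokens.
/// Do not reuse the decoded claims for any authorization decision.
/// </remarks>
/// <returns>
/// <c>true</c> when a token cookie is missing or empty (nothing to revoke) or
/// when the cookies were expired; <c>false</c> when the access token cannot be
/// decoded, carries no <c>unique_name</c> claim, or names an unknown user.
/// </returns>
private async Task<bool> RevokeRefreshToken()
{
    string accessToken = HttpContext.Request.Cookies["accessToken"];
    string refreshToken = HttpContext.Request.Cookies["refreshToken"];

    // No session cookies: nothing to revoke. An empty value is treated like a
    // missing cookie instead of being handed to the JWT parser.
    if (string.IsNullOrEmpty(accessToken) || string.IsNullOrEmpty(refreshToken))
    {
        return true;
    }

    // Cookie values are client-controlled, so a malformed token must produce
    // a normal failure result rather than an unhandled exception.
    var handler = new JwtSecurityTokenHandler();
    if (!handler.CanReadToken(accessToken))
    {
        return false;
    }

    JwtSecurityToken decodedToken;
    try
    {
        // Decode only; no signature or expiry check happens here.
        // NOTE(review): presumably deliberate so that sign-out still works
        // with an expired access token; confirm.
        decodedToken = handler.ReadToken(accessToken) as JwtSecurityToken;
    }
    catch (ArgumentException)
    {
        return false;
    }

    var userName = decodedToken?.Claims
        .FirstOrDefault(claim => claim.Type == "unique_name")?.Value;
    if (string.IsNullOrEmpty(userName))
    {
        return false;
    }

    var identityUser = await userManager.FindByNameAsync(userName);
    if (identityUser == null)
    {
        // NOTE(review): the failure paths return without expiring the cookies,
        // as the original code did. Consider whether sign-out should clear
        // them even when server-side revocation cannot be completed.
        return false;
    }

    // The refresh-token cookie must match a token stored for this user
    // before anything is deleted.
    var refreshTokens = refreshTokenRepository.GetByUserId(identityUser.Id);
    var selectedRefreshToken = refreshTokens.Where<RefreshToken>(c => c.Token == refreshToken).FirstOrDefault();
    if (selectedRefreshToken != null)
    {
        await refreshTokenRepository.Remove(selectedRefreshToken.Id);
    }

    // Expire both token cookies: empty value plus an expiry in the past.
    var cookieOptions = new CookieOptions
    {
        HttpOnly = true,
        Secure = true,
        SameSite = SameSiteMode.None,
        Expires = DateTime.UtcNow.AddDays(-1)
    };

    HttpContext.Response.Cookies.Append("accessToken", "", cookieOptions);
    HttpContext.Response.Cookies.Append("refreshToken", "", cookieOptions);

    return true;
}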