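/// <summary>
/// Authenticates a caller with either a previously issued refresh token or a Firebase ID token,
/// then issues a JWT access token for the resolved user.
/// </summary>
/// <param name="Info">
/// Request body. When <c>refreshToken</c> is set the refresh-token path is taken; otherwise
/// <c>idToken</c> is passed to the Firebase service.
/// </param>
/// <returns>
/// 200 with an <c>AuthResponse</c> on success; 401 when the refresh token or Firebase lookup does not
/// resolve to a user; 400 when no credential is supplied, the e-mail of a not-yet-provisioned account
/// is unverified, or the user is disabled.
/// </returns>
public async Task<ActionResult> SignIn([FromBody] SignInModel Info)
{
    // An empty body or a body without any credential would otherwise surface as an unhandled exception.
    if (Info == null || (Info.refreshToken == null && Info.idToken == null))
    {
        _log.Information("Login request without credentials");
        return BadRequest("Missing credentials");
    }

    User user;
    if (Info.refreshToken != null)
    {
        _log.Information("New login request through refreshToken");

        // Kept from the original; the overwritten idToken is not read again in this method.
        Info.idToken = Info.refreshToken;

        var refreshToken = await RefreshTokenService.GetToken(Info.refreshToken);

        // NOTE(review): only IsRevoked is checked here; confirm that GetToken or the entity
        // enforces an expiry, otherwise a refresh token stays valid until it is revoked.
        if (refreshToken == null || refreshToken.IsRevoked || refreshToken.User == null)
        {
            // The submitted value is a bearer credential (the Id returned by CreateRefreshToken is
            // what the client sends back), so it is deliberately kept out of the log.
            _log.Information("Invalid refresh token");
            return Unauthorized();
        }

        user = refreshToken.User;
        _log.Information("Accepted refresh token, authenticating user: {0}", user.Id);
    }
    else
    {
        _log.Information("New login request through Firebase");

        var accountInfo = await _firebaseService.getAccountInfo(Info.idToken);

        // First() would throw on an empty result; treat "no account returned" as a failed login.
        var info = accountInfo?.users?.FirstOrDefault();
        if (info == null)
        {
            _log.Information("Firebase returned no account for the supplied token");
            return Unauthorized();
        }

        user = _dataContext.User.SingleOrDefault(q => q.FirebaseUid == info.localId);
        if (user == null)
        {
            // The verified-e-mail requirement is applied only when a local user is first provisioned;
            // an existing local user is not re-checked on later sign-ins.
            if (!info.emailVerified)
            {
                _log.Information("User with email not verified");
                return BadRequest("Email not verified");
            }

            user = await CreateUser(info);
        }
        else
        {
            _log.Information("Firebase user found");
        }
    }

    // Applies to both paths, so a disabled account cannot keep a session alive with a refresh token.
    if (user.Disabled)
    {
        _log.Information("User disabled");
        return BadRequest("User disabled");
    }

    ClaimsIdentity identity = CreateIdentity(user);
    SecurityToken securityToken = CreateToken(identity);
    var token = new JwtSecurityTokenHandler().WriteToken(securityToken);

    AuthResponse ret = new AuthResponse()
    {
        authenticated = true,
        // NOTE(review): this is a local-time hint for the client; the enforced lifetime is whatever
        // CreateToken writes into the JWT (not visible here) - confirm the two agree.
        expiration = DateTime.Now.AddHours(20),
        accessToken = token,
        message = "OK"
    };

    // A new refresh token is minted only for Firebase logins; a refresh-token login reuses the
    // presented token (no rotation happens in this method).
    if (Info.refreshToken == null)
    {
        ret.refreshToken = (await RefreshTokenService.CreateRefreshToken(user.Id)).Id;
    }

    _log.Information("Successfully created session for user {0}", user.Id);
    return Ok(ret);
}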