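/// <summary>
/// Exchanges the refresh token in the request body, together with the bearer access token
/// on the current request, for a new access/refresh token pair.
/// </summary>
/// <param name="request">Request body carrying the refresh token string.</param>
/// <returns>
/// 200 with a <see cref="LoginResult"/> holding the new tokens; 401 when the refresh token or
/// access token is missing, or when the token manager throws a SecurityTokenException.
/// </returns>
/// <remarks>
/// The action is marked [Authorize], so the request must already pass bearer authentication
/// before a refresh is attempted. NOTE(review): whether an expired access token can still reach
/// this action depends on the JWT bearer validation settings, which are not visible here.
/// </remarks>
[HttpPost("refresh-token")]
[Authorize]
public async Task<ActionResult> RefreshToken([FromBody] RefreshTokenRequest request)
{
    try
    {
        var userName = User.Identity?.Name;

        // The user name is passed as a structured argument instead of being interpolated into
        // the message template, so the template stays constant and the value is logged as data.
        _logger.LogInformation("User [{UserName}] is trying to refresh JWT token.", userName);

        // request itself can be null when the body is missing and automatic model validation
        // is not in effect; treat that the same as an empty refresh token.
        if (string.IsNullOrWhiteSpace(request?.RefreshToken))
        {
            return Unauthorized();
        }

        // GetTokenAsync yields null when the authentication handler did not store the token.
        var accessToken = await HttpContext.GetTokenAsync("Bearer", "access_token");
        if (string.IsNullOrWhiteSpace(accessToken))
        {
            return Unauthorized();
        }

        // NOTE(review): presumably Refresh checks that the refresh token belongs to the user
        // named in the access token and has not expired or been revoked; confirm in the manager.
        // NOTE(review): local time is passed here. It must be the same clock the manager used
        // when it issued the refresh token; switching to UTC would have to be done at every
        // call site together.
        var jwtResult = _jwtAuthManager.Refresh(request.RefreshToken, accessToken, DateTime.Now);

        _logger.LogInformation("User [{UserName}] has refreshed JWT token.", userName);

        return Ok(new LoginResult
        {
            UserName = userName,
            Role = User.FindFirst(ClaimTypes.Role)?.Value ?? string.Empty,
            AccessToken = jwtResult.AccessToken,
            RefreshToken = jwtResult.RefreshToken.TokenString
        });
    }
    catch (SecurityTokenException e)
    {
        // Keep the validation detail in the server log and answer with a bare 401, so the
        // response does not tell the caller why a token was rejected. The 401 status is what
        // lets the client side redirect the user to the login page.
        _logger.LogWarning(e, "JWT token refresh was rejected.");
        return Unauthorized();
    }
}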