Fix Access/Refres Token

AMREZ.EOP.API/Controllers/AuthenticationController.cs

@@ -74,7 +74,7 @@ public class AuthenticationController : ControllerBase
             new(ClaimTypes.NameIdentifier, res.UserId.ToString()),
             new(ClaimTypes.Name, res.Email),
             new(ClaimTypes.Email, res.Email),
-            new("tenant", res.TenantId)
+            new("tenant", res.TenantKey)
         };
 
         var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, AuthPolicies.Scheme));
@@ -83,7 +83,8 @@ public class AuthenticationController : ControllerBase
         var tokenPair = await _issueTokens.ExecuteAsync(new IssueTokenPairRequest()
         {
             UserId = res.UserId,
-            Tenant = res.TenantId,
+            TenantId = res.TenantId,
+            Tenant = res.TenantKey,
             Email = res.Email
         }, ct);
 
@@ -120,7 +121,7 @@ public class AuthenticationController : ControllerBase
         if (string.IsNullOrWhiteSpace(raw))
             return Unauthorized(new { message = "Missing refresh token" });
 
-        var res = await _refresh.ExecuteAsync(body, ct);
+        var res = await _refresh.ExecuteAsync(new RefreshRequest { RefreshToken = raw }, ct);
         if (res is null) return Unauthorized(new { message = "Invalid/expired refresh token" });
 
         if (!string.IsNullOrWhiteSpace(res.RefreshToken))
@@ -131,8 +132,8 @@ public class AuthenticationController : ControllerBase
                 new CookieOptions
                 {
                     HttpOnly = true,
-                    Secure = true,
-                    SameSite = SameSiteMode.Strict,
+                    Secure = false,              
+                    SameSite = SameSiteMode.None,
                     Expires = res.RefreshExpiresAt?.UtcDateTime
                 });
         }