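/// <summary>
/// Issues a signed JWT access token plus a refresh token for an already-authenticated user.
/// </summary>
/// <param name="user">The authenticated user the tokens are issued for.</param>
/// <param name="context">Identity store used to read the user's claims and roles and to persist the refresh token.</param>
/// <param name="refreshToken">
/// An existing refresh token to re-issue (its timestamps are updated in place); when <c>null</c>,
/// a new token value is generated and inserted into <paramref name="context"/>.
/// </param>
/// <returns>A <see cref="LoginResponseData"/> holding the encoded JWT, the refresh token value and the access-token lifetime in seconds.</returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> or <paramref name="context"/> is <c>null</c>.</exception>
public static LoginResponseData Execute(ApplicationUser user, IdentityContext context, RefreshToken refreshToken = null)
{
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    var options = GetOptions();
    var now = DateTime.UtcNow;
    // The JWT and the refresh token currently share options.Expiration as their lifetime;
    // computed once so both records carry exactly the same instant.
    // NOTE(review): a refresh token that expires together with the access token cannot
    // extend a session — confirm whether options should carry a separate refresh lifetime.
    var expires = now.Add(options.Expiration);

    var claims = new List<Claim>
    {
        new Claim(JwtRegisteredClaimNames.NameId, user.Id),
        // jti identifies this particular token (RFC 7519 §4.1.7); it must differ between
        // tokens of the same user, otherwise per-token replay detection or revocation is impossible.
        // NOTE(review): anything that previously read the user id from jti should use nameid/sub — confirm no consumer depends on the old value.
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
        // iat is carried as integer Unix seconds, as the claim type requires.
        new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64),
        new Claim(JwtRegisteredClaimNames.Sub, user.UserName),
    };

    // Per-user claims stored in the identity store are copied into the token verbatim.
    foreach (var userClaim in context.UserClaims.Where(i => i.UserId == user.Id))
    {
        claims.Add(new Claim(userClaim.ClaimType, userClaim.ClaimValue));
    }

    // Resolve role names with one joined query instead of one Roles lookup per membership row.
    // A membership whose role row is missing is skipped here (the previous Single() would have thrown).
    var roleNames = context.UserRoles
        .Where(i => i.UserId == user.Id)
        .Join(context.Roles, membership => membership.RoleId, role => role.Id, (membership, role) => role.Name)
        .ToList();
    foreach (var roleName in roleNames)
    {
        claims.Add(new Claim(Extensions.RoleClaimType, roleName));
    }

    if (refreshToken == null)
    {
        refreshToken = new RefreshToken
        {
            UserId = user.Id,
            Token = NewRefreshTokenValue(),
        };
        context.InsertNew(refreshToken);
    }
    // Re-issuing an existing token only slides its validity window; the token value is kept.
    refreshToken.IssuedUtc = now;
    refreshToken.ExpiresUtc = expires;
    context.SaveChanges();

    var jwt = new JwtSecurityToken(
        issuer: options.Issuer,
        audience: options.Audience,
        claims: claims,
        notBefore: now,
        expires: expires,
        signingCredentials: options.SigningCredentials);
    var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);

    return new LoginResponseData
    {
        access_token = encodedJwt,
        refresh_token = refreshToken.Token,
        expires_in = (int)options.Expiration.TotalSeconds,
        userName = user.UserName,
        // Admin status is derived from the role claims assembled above, not from a separate query.
        isAdmin = claims.Any(i => i.Type == Extensions.RoleClaimType && i.Value == Extensions.AdminRole),
    };
}

/// <summary>
/// Produces a new refresh token value from a cryptographically secure random source.
/// </summary>
/// <remarks>
/// 16 random bytes rendered as 32 lowercase hex characters — the same shape that
/// <c>Guid.NewGuid().ToString("N")</c> produced before, so existing stored tokens and
/// column sizes are unaffected. A refresh token is a bearer secret, so it is drawn from
/// <see cref="System.Security.Cryptography.RandomNumberGenerator"/> rather than from a GUID,
/// whose randomness is not part of its contract.
/// </remarks>
/// <returns>A 32-character lowercase hexadecimal string.</returns>
private static string NewRefreshTokenValue()
{
    var bytes = new byte[16];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(bytes);
    }
    return BitConverter.ToString(bytes).Replace("-", string.Empty).ToLowerInvariant();
}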