public async Task <string> CreateTokenAsync(ApplicationUser user)
        {
            if (user.Museum == null)
            {
                user.Museum = await museumRepository.GetByIdAsync(user.MuseumId);
            }

            var claims = new List <Claim>
            {
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
                new Claim(JwtRegisteredClaimNames.Email, user.Email),
                new Claim(AppClaimTypes.NAME, user.UserName),
                new Claim(AppClaimTypes.MUSEUM_ID, user.MuseumId.ToString()),
                new Claim(AppClaimTypes.MUSEUM_NAME, user.Museum.Name),
            };
            var roles = await userManager.GetRolesAsync(user);

            claims.AddRange(roles.Select(claim => new Claim("roles", claim)));
            var emailConfirmed = await userManager.IsEmailConfirmedAsync(user);

            claims.Add(new Claim("email_verified", emailConfirmed.ToString()));

            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["Tokens:Identity:Key"]));
            var signingCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            int.TryParse(configuration["Tokens:Identity:Lifetime"], out var lifetime);

            var token = new JwtSecurityToken(
                issuer: configuration["Tokens:Identity:Issuer"],
                audience: configuration["Tokens:Identity:Audience"],
                claims: claims,
                expires: DateTime.UtcNow.AddHours(lifetime),
                signingCredentials: signingCredentials
                );

            return(new JwtSecurityTokenHandler().WriteToken(token));
        }