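/// <summary>
/// Issues a signed access JWT and a signed refresh JWT for <paramref name="identity"/>,
/// persists the refresh token's lookup data via <c>_tokenStore</c>, and returns both
/// tokens as a JSON array of <c>{ access_token | refresh_token, expires_in }</c> objects.
/// </summary>
/// <param name="identity">Authenticated identity whose claims are embedded in the access token.</param>
/// <param name="ip">Caller IP address, stamped into the refresh token payload and stored alongside it.</param>
/// <returns>A 200 result whose body is the pre-serialized JSON token list.</returns>
/// <exception cref="ArgumentNullException"><paramref name="identity"/> is null.</exception>
private async Task<IActionResult> issueTokens(ClaimsIdentity identity, string ip)
{
    if (identity == null)
    {
        throw new ArgumentNullException(nameof(identity));
    }

    // Structured logging: the username is passed as a template argument rather than
    // interpolated into the template, so braces in a user-controlled name cannot break
    // the message formatter or be mistaken for placeholders. Rendered text is unchanged.
    _logger.LogInformation(
        "issueTokens() - Issuing new access and refresh tokens for username {Username}",
        identity.Name);

    // Access token: carries the identity's claims and the configured validity window.
    var jwtAccess = new JwtSecurityToken(
        issuer: _jwtOptions.Issuer,
        audience: _jwtOptions.Audience,
        claims: identity.Claims,
        notBefore: _jwtOptions.NotBefore,
        expires: _jwtOptions.AccessExpiration,
        signingCredentials: _jwtOptions.SigningCredentials);

    // Refresh token: deliberately carries none of the identity's claims; it is identified
    // only by the custom payload entries stamped below.
    // NOTE(review): it is signed with the same credentials, issuer and audience as the
    // access token and carries no type-distinguishing claim. Whether the access-token
    // validation path could accept it as a bearer token depends on configuration not
    // visible here — confirm, and consider a dedicated claim that validation checks.
    var jwtRefresh = new JwtSecurityToken(
        issuer: _jwtOptions.Issuer,
        audience: _jwtOptions.Audience,
        expires: _jwtOptions.RefreshExpiration,
        signingCredentials: _jwtOptions.SigningCredentials);

    // The GUID is the handle used to find the refresh token in the store; the token's
    // authenticity rests on its signature, not on the GUID being unguessable.
    string refreshTokenGuid = Guid.NewGuid().ToString();
    // May be null if the identity carries no name claim — stored as-is, as before.
    string refreshTokenName = identity.Name;
    jwtRefresh.Payload[GUIDKEY] = refreshTokenGuid;
    jwtRefresh.Payload[NAMEKEY] = refreshTokenName;
    jwtRefresh.Payload[IPKEY] = ip;

    var handler = new JwtSecurityTokenHandler();
    var encodedJwtAccess = handler.WriteToken(jwtAccess);
    var encodedJwtRefresh = handler.WriteToken(jwtRefresh);

    // Response shape: one entry per token; expires_in is whole seconds (fractions truncated).
    var jwts = new List<object>
    {
        new { access_token = encodedJwtAccess, expires_in = (int)_jwtOptions.AccessValidFor.TotalSeconds },
        new { refresh_token = encodedJwtRefresh, expires_in = (int)_jwtOptions.RefreshValidFor.TotalSeconds },
    };

    // Persist the refresh token's lookup data so it can be checked and revoked server-side.
    // CancellationToken.None is equivalent to the previous new CancellationToken(); no
    // request token is in scope in this block to flow through.
    await _tokenStore.CreateAsync(
        new ApplicationJwtRefreshToken { Guid = refreshTokenGuid, Name = refreshTokenName, IP = ip },
        CancellationToken.None);

    // Serialized here with the configured settings; OkObjectResult receives the string as-is.
    // The previous `await Task.FromResult(...)` wrapper added nothing and is dropped.
    var json = JsonConvert.SerializeObject(jwts, _serializerSettings);
    return new OkObjectResult(json);
}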