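/// <summary>
/// Validates a user-name/password pair and, on success, issues a JWT access token plus a
/// refresh token, registering the access token for the user in <c>UserTokenMapping</c>.
/// </summary>
/// <param name="userName">Login name presented by the caller.</param>
/// <param name="password">Password presented by the caller.</param>
/// <returns>The issued access token, its lifetime in seconds, and the refresh token.</returns>
/// <exception cref="LogicException">
/// Thrown with <c>ExceptionMessage.InvalidCredentials</c> when the login pair does not resolve to an identity.
/// </exception>
public async Task<DtoTokenResponse> GenerateToken(string userName, string password)
{
    var identity = await _authenticationValidation.GetIdentityByLoginPair(userName, password);
    if (identity is null)
    {
        throw new LogicException(ExceptionMessage.InvalidCredentials);
    }

    // One timestamp is shared by the iat claim, the JWT and the mapping entry so they agree exactly.
    var now = DateTime.UtcNow;

    // Registered claims: sub (subject/user), jti (a unique id per issued token, so an individual
    // token can be identified for revocation or replay checks) and iat (issued-at, Unix seconds,
    // formatted culture-invariantly). The identity's own claims are appended afterwards; other
    // claims can be added here if needed.
    var claims = new List<Claim>
    {
        new Claim(JwtRegisteredClaimNames.Sub, identity.Name),
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        new Claim(
            JwtRegisteredClaimNames.Iat,
            new DateTimeOffset(now).ToUnixTimeSeconds().ToString(System.Globalization.CultureInfo.InvariantCulture),
            ClaimValueTypes.Integer64)
    };
    claims.AddRange(identity.Claims);

    var encodedJwt = GetJwt(claims, now);

    // Purge stale entries before recording the new token for this user.
    // NOTE(review): UserTokenMapping is not visible here — confirm Add tolerates an existing live entry for the same user.
    UserTokenMapping.RemoveAllExpired();
    UserTokenMapping.Add(identity.Name, new UserToken
    {
        UserId = identity.Name,
        Token = encodedJwt,
        Expiration = now.Add(_tokenProviderOptions.Expiration)
    });

    // The refresh token is derived from the same claim set (which now carries the jti as well).
    var encryptedRefreshToken = GetRefreshToken(claims, identity.Name);

    return new DtoTokenResponse
    {
        AccessToken = encodedJwt,
        ExpiresIn = (int)_tokenProviderOptions.Expiration.TotalSeconds,
        RefreshToken = encryptedRefreshToken
    };
}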