public JsonWebToken SignIn(string username, string password) { var user = GetUser(username); if (!_encryptionManager.Compare(password, user.Password)) { throw new Exception("Invalid credentials"); } var jwt = _jwtHandler.Create(user.ID); var refresh = GetOrAddRefreshToken(user.ID); jwt.RefreshToken = refresh.Token; return(jwt); }