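/// <summary>
/// Builds and signs a JWT for <paramref name="user"/>, carrying the user's e-mail,
/// name, museum id and name, roles, and e-mail confirmation status as claims.
/// </summary>
/// <param name="user">
/// The user to issue a token for. If <c>user.Museum</c> is not populated it is loaded
/// through the museum repository and assigned back onto the instance.
/// </param>
/// <returns>The compact serialized form of the HMAC-SHA256 signed token.</returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The user's museum cannot be loaded, the signing key is not configured, or the
/// configured lifetime is not a positive whole number of hours.
/// </exception>
public async Task<string> CreateTokenAsync(ApplicationUser user)
{
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    if (user.Museum == null)
    {
        user.Museum = await museumRepository.GetByIdAsync(user.MuseumId);
    }

    // The lookup can come back empty; fail with a clear error rather than a
    // NullReferenceException while building the museum-name claim below.
    if (user.Museum == null)
    {
        throw new InvalidOperationException("No museum could be loaded for the user; cannot issue a token.");
    }

    var claims = new List<Claim>
    {
        // A fresh jti per token gives each issued token a unique identifier.
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        new Claim(JwtRegisteredClaimNames.Email, user.Email),
        new Claim(AppClaimTypes.NAME, user.UserName),
        new Claim(AppClaimTypes.MUSEUM_ID, user.MuseumId.ToString()),
        new Claim(AppClaimTypes.MUSEUM_NAME, user.Museum.Name),
    };

    var roles = await userManager.GetRolesAsync(user);
    claims.AddRange(roles.Select(role => new Claim("roles", role)));

    // Emitted as the string "True"/"False" (bool.ToString()), not a JSON boolean;
    // consumers must compare it accordingly.
    var emailConfirmed = await userManager.IsEmailConfirmedAsync(user);
    claims.Add(new Claim("email_verified", emailConfirmed.ToString()));

    var signingSecret = configuration["Tokens:Identity:Key"];
    if (string.IsNullOrEmpty(signingSecret))
    {
        throw new InvalidOperationException("Tokens:Identity:Key is not configured.");
    }

    // NOTE(review): RFC 7518 section 3.2 requires an HS256 key of at least 256 bits
    // (32 bytes). Confirm the configured value meets that and is supplied from a
    // secret store rather than a committed settings file.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingSecret));
    var signingCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    // A missing or malformed lifetime used to parse as 0 and produce a token that
    // expired the moment it was issued; reject it (and non-positive values) instead.
    if (!int.TryParse(configuration["Tokens:Identity:Lifetime"], out var lifetime) || lifetime <= 0)
    {
        throw new InvalidOperationException("Tokens:Identity:Lifetime must be a positive whole number of hours.");
    }

    var token = new JwtSecurityToken(
        issuer: configuration["Tokens:Identity:Issuer"],
        audience: configuration["Tokens:Identity:Audience"],
        claims: claims,
        expires: DateTime.UtcNow.AddHours(lifetime),
        signingCredentials: signingCredentials);

    return new JwtSecurityTokenHandler().WriteToken(token);
}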