public async Task <JwtAuthResult> GenerateToken(string userName, Claim[] claims) { DateTime now = DateTime.UtcNow; bool shouldAddAudienceClaim = string.IsNullOrEmpty(claims?.FirstOrDefault(p => p.Type == JwtRegisteredClaimNames.Aud)?.Value); JwtSecurityToken jwtToken = new JwtSecurityToken( m_config.Issuer, shouldAddAudienceClaim ? m_config.Audience : string.Empty, claims, expires: now.AddMilliseconds(m_config.AccessTokenExpirationMs), signingCredentials: new SigningCredentials(new SymmetricSecurityKey(m_secret), SecurityAlgorithms.HmacSha256Signature)); string accessToken = new JwtSecurityTokenHandler().WriteToken(jwtToken); RefreshToken refreshToken = new RefreshToken(userName, GenerateRefreshTokenString(), now.AddMilliseconds(m_config.RefreshTokenExpirationMs)); await m_tokenStorage.RememberToken(refreshToken); return(new JwtAuthResult(accessToken, refreshToken)); }