private void addTokenInCookie(HttpClient httpClient, string username, string[] roles, string cookieDomain, IList <KeyValuePair <string, string> > claims, string secretKey, string audience, string issuer) { httpClient.DefaultRequestHeaders.Remove("Cookie"); var signingKey = SigningKey.GetSigningKey(secretKey); var options = new TokenProviderOptions { Audience = audience, Issuer = issuer, SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256), }; var jwtService = new JwtService(); JsonWebToken token; if (claims != null) { claims.Add(new KeyValuePair <string, string>("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", username)); token = jwtService.GenerateJsonWebToken(username, roles, options, claims.ToArray()); } else { token = jwtService.GenerateJsonWebToken(username, roles, options, new KeyValuePair <string, string>("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", username)); } var cookieOptions = new CookieOptions { Domain = cookieDomain, Expires = DateTimeOffset.UtcNow.AddHours(8).AddDays(1).AddMinutes(-5) }; var cookies = new List <string> { $"access_token={token.AccessToken}", $"username={username}", $"expires_in={token.ExpiresIn}" }; httpClient.DefaultRequestHeaders.Add("Cookie", string.Join(";", cookies)); }