public async Task <BearerToken> GenerateTokenAsync(string username, string password, string membershipId, bool fireEvent = true) { // Check membership var membership = await this.membershipService.GetAsync(membershipId); if (membership == null) { throw ErtisAuthException.MembershipNotFound(membershipId); } if (!membership.IsValid(out IEnumerable <string> errors)) { throw ErtisAuthException.MalformedMembership(membershipId, errors); } // Check user var user = await this.userService.GetUserWithPasswordAsync(username, username, membership.Id); if (user == null) { throw ErtisAuthException.UserNotFound(username, "username or email"); } // Check password var passwordHash = this.cryptographyService.CalculatePasswordHash(membership, password); if (passwordHash != user.PasswordHash) { throw ErtisAuthException.UsernameOrPasswordIsWrong(username, password); } else { var token = this.GenerateBearerToken(user, membership); if (fireEvent) { await this.eventService.FireEventAsync(this, new ErtisAuthEvent(ErtisAuthEventType.TokenGenerated, user, token)); } return(token); } }