public IActionResult Authenticate([FromBody] PatientViewModel userVM) { var user = _userService.Authenticate(userVM.Cpf, userVM.Password); if (user == null) { return(BadRequest(new { message = "Senha ou Cpf incorretos" })); } var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes(_appSettings.Secret); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, user.ID.ToString()), new Claim(ClaimTypes.Role, user.GetType().Name) }), Expires = DateTime.UtcNow.AddDays(1), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); // return basic user info (without password) and token to store client side return(Ok(new { Id = user.ID, Cpf = user.Cpf, Name = user.Name, Token = tokenString })); }