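/// <summary>
/// Builds an HS256-signed JWT access token for <paramref name="user"/> and returns it
/// together with the claim set it was built from.
/// </summary>
/// <param name="user">The authenticated user; UserId, DisplayName and SerialNumber are read from it.</param>
/// <returns>The compact-serialized JWT and the list of claims embedded in it.</returns>
/// <exception cref="InvalidOperationException">
/// The configured signing key is shorter than the 256 bits RFC 7518 §3.2 requires for HS256.
/// </exception>
private async Task<(string AccessToken, IEnumerable<Claim> Claims)> createAccessTokenAsync(User user)
{
    var issuer = this.configuration.Value.Issuer;

    // The signing key is the UTF-8 bytes of a configuration string. HS256 requires a key at
    // least as long as the hash output (256 bits, RFC 7518 §3.2); a short passphrase would
    // silently yield a brute-forceable signing key, so refuse to mint tokens with one.
    var keyBytes = Encoding.UTF8.GetBytes(this.configuration.Value.Key);
    if (keyBytes.Length < 32)
    {
        throw new InvalidOperationException(
            "The JWT signing key must be at least 32 bytes (256 bits) for HMAC-SHA256.");
    }

    // Take the clock once so iat, nbf and exp are derived from the same instant
    // (the original read DateTimeOffset.UtcNow and DateTime.UtcNow separately).
    var now = DateTime.UtcNow;
    var issuedAtUnixSeconds = new DateTimeOffset(now).ToUnixTimeSeconds();

    var claims = new List<Claim>
    {
        // jti: unique id per token.
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString(), ClaimValueTypes.String, issuer),
        // iss: issuer.
        new Claim(JwtRegisteredClaimNames.Iss, issuer, ClaimValueTypes.String, issuer),
        // iat: issued-at, as Unix seconds.
        new Claim(JwtRegisteredClaimNames.Iat, issuedAtUnixSeconds.ToString(), ClaimValueTypes.Integer64, issuer),
        new Claim(ClaimTypes.NameIdentifier, user.UserId.ToString(), ClaimValueTypes.String, issuer),
        // NOTE(review): Name carries UserId as-is while NameIdentifier uses ToString();
        // confirm UserId's type and whether Name was meant to hold a username instead.
        new Claim(ClaimTypes.Name, user.UserId, ClaimValueTypes.String, issuer),
        // Claim's constructor throws ArgumentNullException on a null value, so DisplayName
        // is assumed non-null here — verify at the caller.
        new Claim("DisplayName", user.DisplayName, ClaimValueTypes.String, issuer),
        // Serial number: rotating it on the user is the hook for invalidating already-issued
        // tokens/cookies (presumably compared on validation elsewhere — not visible here).
        new Claim(ClaimTypes.SerialNumber, user.SerialNumber, ClaimValueTypes.String, issuer),
        // Custom data slot; currently just repeats the user id.
        new Claim(ClaimTypes.UserData, user.UserId.ToString(), ClaimValueTypes.String, issuer),
    };

    // One role claim per role assigned to the user.
    var roles = await rolesRepository.FindUserRolesAsync(user.UserId);
    foreach (var role in roles)
    {
        claims.Add(new Claim(ClaimTypes.Role, role.Name, ClaimValueTypes.String, issuer));
    }

    var signingKey = new SymmetricSecurityKey(keyBytes);
    var credentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);

    var token = new JwtSecurityToken(
        issuer: issuer,
        audience: this.configuration.Value.Audience,
        claims: claims,
        notBefore: now,
        expires: now.AddMinutes(this.configuration.Value.AccessTokenExpirationMinutes),
        signingCredentials: credentials);

    return (new JwtSecurityTokenHandler().WriteToken(token), claims);
}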