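/// <summary>
/// Issues a signed refresh token (a JWT) for a user, prunes that user's stored refresh tokens,
/// and persists a hash of the new token together with the supplied IP and user agent.
/// </summary>
/// <param name="userName">Value written to the token's <c>sub</c> claim.</param>
/// <param name="claimsIdentity">
/// Identity that must carry the application id claim
/// (<c>Helpers.Constants.Strings.JwtClaimIdentifiers.Id</c>); its value keys the stored token rows.
/// </param>
/// <param name="ip">IP address recorded with the stored token; stored as given.</param>
/// <param name="userAgent">User agent recorded with the stored token; stored as given.</param>
/// <returns>
/// The encoded JWT. Only a hash of it is persisted, so the returned string is the only usable copy.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="claimsIdentity"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="claimsIdentity"/> has no id claim.</exception>
public async Task<string> GenerateRefreshToken(string userName, ClaimsIdentity claimsIdentity, string ip, string userAgent)
{
    // Above this many stored tokens for one user, the whole set is dropped (see below).
    const int maxStoredTokensPerUser = 20;

    if (claimsIdentity == null)
    {
        throw new ArgumentNullException(nameof(claimsIdentity));
    }

    // Resolve the id claim once and fail before anything is signed or written. Previously a missing
    // claim surfaced as a NullReferenceException only after the token had already been minted.
    var idClaim = claimsIdentity.FindFirst(Helpers.Constants.Strings.JwtClaimIdentifiers.Id);
    if (idClaim == null)
    {
        throw new ArgumentException("The identity does not contain the user id claim.", nameof(claimsIdentity));
    }

    var identityId = idClaim.Value;

    var claims = new List<Claim>
    {
        new Claim(JwtRegisteredClaimNames.Sub, userName),
        new Claim(JwtRegisteredClaimNames.Jti, await _jwtOptions.JtiGenerator()),
        new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(_jwtOptions.IssuedAt).ToString(), ClaimValueTypes.Integer64),
        idClaim
    };

    // NOTE(review): the refresh token is built from the same _jwtOptions issuer, audience and
    // signing credentials visible here. If access tokens are minted from the same options, the
    // validation side has to tell the two kinds apart (the store lookup below, or a dedicated
    // claim), otherwise a refresh token could pass as an access token. Confirm against the validator.
    var jwt = new JwtSecurityToken(
        issuer: _jwtOptions.Issuer,
        audience: _jwtOptions.Audience,
        claims: claims,
        notBefore: _jwtOptions.NotBefore,
        expires: _jwtOptions.RefleshExpiration,
        signingCredentials: _jwtOptions.SigningCredentials);

    var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);

    // Only a hash of the token is persisted, so a read of the token table does not yield usable
    // refresh tokens. A throwaway AppUser is passed because the hasher API takes a user instance.
    // NOTE(review): if this is the stock Identity hasher the hash is salted, so a presented token
    // cannot be found by hash equality; the redeem path presumably verifies it against each stored
    // row for the user. Confirm, and confirm the hashed input length is acceptable on that path.
    var hashedJwt = _userManager.PasswordHasher.HashPassword(new AppUser(), encodedJwt);

    var storedTokens = _repository.GetTokensForUser(identityId).ToList();

    if (storedTokens.Count > maxStoredTokensPerUser)
    {
        // Treated as strange activity: every stored token for the user is deleted, so none of the
        // user's earlier refresh tokens can be matched against the store afterwards.
        foreach (var stored in storedTokens)
        {
            if (stored != null)
            {
                await _repository.DeleteRefleshToken(stored);
            }
        }
    }
    else
    {
        // Routine housekeeping: drop only the tokens whose expiry is already in the past.
        var now = ToUnixEpochDate(DateTime.UtcNow);
        foreach (var stored in storedTokens)
        {
            // Same null guard as the branch above; the original dereferenced a null entry here.
            if (stored != null && stored.Expiration < now)
            {
                await _repository.DeleteRefleshToken(stored);
            }
        }
    }

    // NOTE(review): ip and userAgent are stored exactly as passed in. If they originate from
    // request headers they are client-controlled: bound their length before storage and encode
    // them wherever they are displayed or logged.
    await _repository.AddRefreshToken(new Entities.RefreshToken()
    {
        Token = hashedJwt,
        IdentityId = identityId,
        Expiration = ToUnixEpochDate(_jwtOptions.RefleshExpiration),
        Ip = ip,
        Useragent = userAgent
    });

    return encodedJwt;
}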