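/// <summary>
/// Issues a signed JWT access token for <paramref name="identity"/>.
/// </summary>
/// <remarks>
/// The token is built from a clone of the identity, so the caller's instance is not modified.
/// Three claims are added to the clone: a fresh token id (<c>TokenIdClaim</c>), the usage marker
/// <c>"access_token"</c> (<c>TokenUsageClaim</c>) and the name of the signing key (<c>KeyIdClaim</c>).
/// All timestamps are derived from a single UTC reading so that the configured lifetime is
/// exact and does not shift across daylight-saving transitions.
/// </remarks>
/// <param name="identity">Identity whose claims become the token subject.</param>
/// <param name="audiences">Audiences the token is intended for; joined with "," into one value.</param>
/// <returns>The value produced by <c>GetAccessToken</c> for the new token id and token.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="identity"/> or <paramref name="audiences"/> is null.
/// </exception>
/// <exception cref="InvalidOperationException">No signing key is configured.</exception>
public IToken GenerateAccessToken(ClaimsIdentity identity, IEnumerable<string> audiences)
{
    if (identity == null)
    {
        throw new ArgumentNullException(nameof(identity));
    }

    if (audiences == null)
    {
        throw new ArgumentNullException(nameof(audiences));
    }

    var settings = this.options.Value;

    // Fail with a configuration-level message instead of the bare "Sequence contains no elements".
    var keys = settings.Keys;
    if (!keys.Any())
    {
        throw new InvalidOperationException("No signing key is configured for access tokens.");
    }

    // NOTE(review): the first configured key is used. If Keys is an unordered collection,
    // "first" is not a stable choice - confirm the intended key-selection rule.
    var signingKey = keys.First();

    // 32 hex digits, no dashes. An identifier for the token, not a secret.
    var tokenId = Guid.NewGuid().ToString("N");

    // Work on a copy so the extra claims never leak back into the caller's identity.
    var tokenClaimsIdentity = identity.Clone();

    // NOTE(review): the key id is carried as an ordinary payload claim. A validator must not
    // rely on it before the signature has been verified.
    tokenClaimsIdentity.AddClaims(new[]
    {
        new Claim(TokenIdClaim, tokenId),
        new Claim(TokenUsageClaim, "access_token"),
        new Claim(KeyIdClaim, signingKey.Key),
    });

    // One UTC reading for every timestamp: local-time arithmetic can stretch or shrink the
    // lifetime by an hour around a DST change, and separate clock reads drift apart.
    var issuedAtUtc = DateTime.UtcNow;

    var descriptor = new Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor
    {
        // NOTE(review): several audiences end up as ONE comma-separated audience value.
        // A validator that compares audiences individually will not match it - confirm
        // the consuming side expects this format.
        Audience = string.Join(",", audiences),
        IssuedAt = issuedAtUtc,
        // Back-dated by one minute to tolerate small clock differences between hosts.
        NotBefore = issuedAtUtc.AddMinutes(-1),
        Expires = issuedAtUtc + settings.AccesssTokenLifetime,
        Issuer = settings.Issuer,
        SigningCredentials = signingKey.Value,
        Subject = tokenClaimsIdentity,
    };

    var tokenHandler = new JwtSecurityTokenHandler();
    var token = tokenHandler.CreateToken(descriptor);

    return tokenHandler.GetAccessToken(tokenId, token);
}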