public void GenerateEncodedToken() { // Arrange var roles = new List <string> { "User", "Admin" }; var userName = "******"; // Act var result = _service.GenerateEncodedToken(userName, roles); var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { ValidateIssuer = true, ValidIssuer = _options.JwtIssuer, ValidAudience = _options.JwtAudience, ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey( Encoding.UTF8.GetBytes(_options.JwtKey)), RequireExpirationTime = false, ValidateLifetime = true, ClockSkew = TimeSpan.Zero }; handler.ValidateToken(result, validationParameters, out var token); var jwtToken = (System.IdentityModel.Tokens.Jwt.JwtSecurityToken)token; // Assert jwtToken.Issuer.Is(_options.JwtIssuer); jwtToken.Audiences.First().Is(_options.JwtAudience); jwtToken.Subject.Is(userName); var jsonRole = jwtToken.Payload.First(_ => _.Key == ClaimTypes.Role).Value; foreach (var role in (JArray)jsonRole) { roles.Contains(role.ToString()).IsTrue(); } }