public async Task <IActionResult> Authenticate(string username, string password) { var auth = await _authenticationService.AuthenticateAsync(username, password); if (!auth.IsAuthenticated) { return(BadRequest( new { Message = "invalid username or password." })); } var userClaims = await _authenticationService.GetUserClaimsAsync(username); var userRoles = await _authenticationService.GetUserRolesAsync(username); var token = _jwtTokenManager.CreateJwtToken(username, auth.UserId, userRoles, userClaims); return(Ok( new { Username = username, Token = new JwtSecurityTokenHandler().WriteToken(token) })); }