public async Task <IActionResult> Logout()
        {
            // check for auth token, and add to revocation list
            var tokenInfo = await HttpContext.AuthenticateAsync("Bearer");

            if (tokenInfo != null)
            {
                var token = new JwtSecurityToken(claims: tokenInfo.Ticket.Principal.Claims);
                _jwtManager.RevokeToken(token);
                // remove cookie
                HttpContext.Response.Cookies.Delete("Authorization");
            }

            return(Ok());
        }