public IActionResult Login(LoginRequestDto login) { //db check existing profile if (!_dbService.AccountExist(login)) { return(StatusCode(401)); } var claims = new[] { new Claim(ClaimTypes.NameIdentifier, login.User + "0101"), new Claim(ClaimTypes.Name, login.User), new Claim(ClaimTypes.Role, "employee") }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["SecretKey"])); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var token = new JwtSecurityToken ( issuer: "Gakko", audience: "Students", claims: claims, expires: DateTime.Now.AddMinutes(10), signingCredentials: creds ); var refreshToken = Guid.NewGuid(); login.Token = refreshToken; _dbService.SaveToken(login); return(Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token), refreshToken = refreshToken })); }