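/// <summary>
/// Validates a login request, issues an HMAC-SHA256 signed JWT for the named user,
/// records the token as an active <c>Session</c> row, and returns the token.
/// </summary>
/// <param name="request">Login payload bound from the request body.</param>
/// <returns>
/// 400 with <c>validation_error</c> when <c>UserValidator.ValidateLogin</c> reports an error;
/// 401 when no user matches <c>request.Username</c>; otherwise 200 with the signed <c>token</c>.
/// </returns>
public async Task<IActionResult> Login([FromBody] LoginRequest request)
{
    // NOTE(review): no password check is visible in this method. Presumably
    // UserValidator.ValidateLogin verifies the credentials - confirm, because
    // everything below issues a token for whichever username was supplied.
    var error = await UserValidator.ValidateLogin(request);
    if (!string.IsNullOrEmpty(error))
    {
        return new BadRequestObjectResult(new { validation_error = error });
    }

    var user = await UserManager.FindByNameAsync(request.Username);
    if (user == null)
    {
        // FindByNameAsync yields null for an unknown name. Answer with a bare 401
        // instead of dereferencing null (which surfaced as a 500), and without
        // saying whether the account exists.
        return new UnauthorizedResult();
    }

    // NOTE(review): Claim's constructor throws on a null value, so a user without
    // an e-mail address would fail here - confirm Email is mandatory for accounts.
    var claims = new[]
    {
        // Unique token id (jti) so an individual token can be identified.
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
        new Claim(JwtRegisteredClaimNames.Email, user.Email),
        new Claim(ClaimsIdentity.DefaultNameClaimType, user.UserName)
    };

    // The HMAC key is derived directly from configuration, so the token's integrity
    // is only as strong as the length and secrecy of Jwt:SecretKey.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:SecretKey"]));
    var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    // Jwt:Expiration is read as a lifetime in seconds.
    // NOTE(review): this is local time and is also what gets stored in
    // Session.Expiration - confirm that readers of that column compare against
    // local time, or move both sides to UTC together.
    var lifetime = TimeSpan.FromSeconds(long.Parse(Configuration["Jwt:Expiration"]));
    var expirationTime = DateTime.Now.Add(lifetime);

    var token = new JwtSecurityToken(
        issuer: Configuration["Jwt:Issuer"],
        audience: Configuration["Jwt:Audience"],
        claims: claims,
        signingCredentials: credentials,
        expires: expirationTime
    );
    var tokenString = new JwtSecurityTokenHandler().WriteToken(token);

    // NOTE(review): the complete signed token is persisted, so read access to the
    // Sessions table is equivalent to holding every live token. Consider storing
    // the jti or a hash of the token instead.
    DbContext.Sessions.Add(new Session
    {
        UserId = user.Id,
        Identity = user,
        Expiration = expirationTime,
        Token = tokenString,
        IsActive = true
    });

    // Await the save so the request thread is not blocked on database I/O.
    await DbContext.SaveChangesAsync();

    return new OkObjectResult(new { token = tokenString });
}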