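/// <summary>
/// Verifies the supplied e-mail/password pair and, on success, returns a signed JWT
/// carrying the e-mail claim. The token expires 30 minutes after it is issued.
/// </summary>
/// <param name="auth">Credentials read from the request body.</param>
/// <returns>
/// 200 with the serialized token when the password verifies; otherwise 400 with the
/// same generic message for every failure, so the response body does not reveal
/// whether the account exists.
/// </returns>
public IActionResult Authenticate([FromBody] AuthenticationRequest auth)
{
    // A missing or malformed body leaves these null; reject it like any other failed login.
    if (auth?.email == null || auth.password == null)
    {
        return BadRequest("Could not verify password");
    }

    var email = auth.email;

    // SingleOrDefault rather than Single: Single throws InvalidOperationException when no
    // row matches, which turned an unknown e-mail into an unhandled error and made
    // unknown accounts distinguishable from wrong passwords.
    var user = Db.Users.SingleOrDefault(x => x.Email == email);

    // NOTE(review): the hash check is skipped when the account does not exist, so the two
    // failure paths may still differ in response time. If PasswordHasher can verify
    // against a fixed dummy hash, do that here to equalize them. TODO confirm.
    var authOk = user != null && PasswordHasher.CheckPasword(user.PasswordHash, auth.password);
    if (!authOk)
    {
        return BadRequest("Could not verify password");
    }

    var claims = new[]
    {
        new Claim(ClaimTypes.Email, email)
    };

    // NOTE(review): HMAC-SHA256 expects a key of at least 256 bits. Confirm that the
    // configured "SecretKey" decodes to 32 bytes or more and is supplied from a secret
    // store rather than a checked-in settings file.
    var rawKey = Convert.FromBase64String(Configuration["SecretKey"]);
    var key = new SymmetricSecurityKey(rawKey);
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    var token = new JwtSecurityToken(
        claims: claims,
        // UTC keeps the expiry independent of the server's time zone and DST changes.
        expires: DateTime.UtcNow.AddMinutes(30),
        signingCredentials: creds
    );

    var tokenStr = new JwtSecurityTokenHandler().WriteToken(token);
    return Ok(tokenStr);
}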