Issuing Tokens
Generate signed tokens on login.
Issuing Versus Validating
So far you validated tokens. Now you will issue them: after a user logs in successfully, your API mints a signed JWT and returns it.
The core type for this is JwtSecurityTokenHandler from System.IdentityModel.Tokens.Jwt.
dotnet add package System.IdentityModel.Tokens.JwtThe Signing Key
To sign a token you need a key. For HS256 you reuse the same symmetric secret the validator uses.
Keep this secret out of source control - load it from configuration or a secret store.
var key = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(configuration["Jwt:Key"]!));