@Override public Token createToken(Set<Identity> identities, Account account, String originalLogin) { Identity user = getUser(identities); if (user == null) { throw new ClientVisibleException(ResponseCodes.UNAUTHORIZED); } account = getOrCreateAccount(user, identities, account); if (account == null){ throw new ClientVisibleException(ResponseCodes.INTERNAL_SERVER_ERROR, "FailedToGetAccount"); } postAuthModification(account); account = authDao.updateAccount(account, user.getName(), account.getKind(), user.getExternalId(), user .getExternalIdType()); Map<String, Object> jsonData = new HashMap<>(); jsonData.put(AbstractTokenUtil.TOKEN, tokenType()); jsonData.put(AbstractTokenUtil.ACCOUNT_ID, user.getExternalId()); jsonData.put(AbstractTokenUtil.ID_LIST, identitiesToIdList(identities)); jsonData.put(AbstractTokenUtil.USER_IDENTITY, user); jsonData.put(AbstractTokenUtil.USER_TYPE, account.getKind()); jsonData.put("originalLogin", originalLogin); String accountId = (String) ApiContext.getContext().getIdFormatter().formatId(objectManager.getType(Account.class), account.getId()); Date expiry = new Date(System.currentTimeMillis() + SecurityConstants.TOKEN_EXPIRY_MILLIS.get()); String jwt = tokenService.generateEncryptedToken(jsonData, expiry); Long authenticatedAsAccountId = account.getId(); return new Token(jwt, accountId, user, new ArrayList<>(identities), account.getKind(), authenticatedAsAccountId); }