diff --git a/server/auth/authorization.controller.js b/server/auth/authorization.controller.js
new file mode 100644
index 00000000..3e46e317
--- /dev/null
+++ b/server/auth/authorization.controller.js
@@ -0,0 +1,25 @@
+import * as jwt from 'jsonwebtoken';
+import crypto from 'crypto';
+const jwtSecret = 'aJWTSecret13121992for13121992jwtTokenInTheRequest13121992';
+class AuthorizationController {
+ static login(req, res) {
+ try {
+ const refreshId = req.body.userId + jwtSecret;
+ const salt = crypto.randomBytes(16).toString('base64');
+ const hash = crypto
+ .createHmac('sha512', salt)
+ .update(refreshId)
+ .digest('base64');
+ req.body.refreshKey = salt;
+ const accessToken = jwt.sign(req.body, jwtSecret);
+ const refreshToken = Buffer.from(hash).toString('base64');
+ const {userId, name, email, roles, provider} = req.body;
+ const responseData = {accessToken, refreshToken, userId, name, email, roles, provider};
+ res.status(201).send(responseData);
+ } catch (err) {
+ res.status(500).send({errors: err});
+ }
+ }
+}
+
+export default AuthorizationController;
diff --git a/server/controllers/user.controller.js b/server/controllers/user.controller.js
index 6e9449ea..77e9cfa2 100644
--- a/server/controllers/user.controller.js
+++ b/server/controllers/user.controller.js
@@ -1,6 +1,5 @@
 import model from '../models';
 import crypto from 'crypto';
-import user from '../models/user';
 const {User, Avatar} = model;
@@ -86,7 +85,7 @@ class UserController {
 .catch(error => res.status(400).send(error));
 }
- static login(req, res) {
+ static login(req, res, next) {
 const {email, password} = req.body;
 User.findAll({
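Review bot: In server/auth/authorization.controller.js the signing key is a string literal committed with the code (`const jwtSecret = '…';`), so everyone with read access to the repository or its history holds the key the server uses to validate tokens, and it cannot be rotated without a code change. Read it from deployment configuration instead, for example `const jwtSecret = process.env.JWT_SECRET;` (variable name constructed here), fail startup when it is unset, and treat the committed value as compromised. `jwt.sign(req.body, jwtSecret)` is called without options, so the access token has no `exp` claim; passing `{expiresIn: '15m'}` (illustrative value) as the third argument bounds how long a leaked token stays valid. The `catch` branch returns the caught error object to the client in `{errors: err}`; log it server-side and send a fixed message instead.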
@@ -108,13 +107,15 @@ class UserController {
 // passwords are same, user authenticated
 Avatar.findByPk(user[0].avatarId)
 .then(avatar => {
- return res.status(200).send({
+ req.body = {
 userId: user[0].id,
 email: user[0].email,
 roles: user[0].roles,
 provider: 'email',
 name: avatar.first_name + ' ' + avatar.last_name
- });
+ };
+
+ return next();
 })
 .catch(error => {
 res.status(400).send(error);
diff --git a/server/routes/user.route.js b/server/routes/user.route.js
index e87beaec..d5a65875 100644
--- a/server/routes/user.route.js
+++ b/server/routes/user.route.js
@@ -1,11 +1,12 @@
 import express from 'express';
 import UserController from '../controllers/user.controller';
+import AuthorizationController from '../auth/authorization.controller';
 const routes = express.Router();
 // sign ip with avatar id
 routes.post('/signup/:avatarId', UserController.signUpWithAvatar);
 routes.post('/signup', UserController.signUp);
-routes.post('/login', UserController.login);
+routes.post('/login', [UserController.login, AuthorizationController.login]);
 export default routes;
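Review bot: In the `@@ -108,13 +107,15 @@` hunk of server/controllers/user.controller.js the verified identity is handed on by overwriting `req.body`, which is also the client-controlled channel. `AuthorizationController.login` therefore cannot tell server-verified claims from posted ones, and the handler order in the `/login` array in server/routes/user.route.js is the only thing keeping it from signing arbitrary request JSON. Carrying the result on a server-only property, e.g. `res.locals.authUser = {...}; return next();`, and having the token handler read only that property would remove the dependence on route order. Separately, `avatar.first_name` is read without checking that `Avatar.findByPk` returned a row; if it resolves to null for a missing avatar (as Sequelize's `findByPk` does), the TypeError lands in the `.catch` and the raw error object is sent with a 400. The enclosing `login` method starts and ends outside this hunk.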