public string CreateJwtBearerToken(IRequest req, IAuthSession session, IEnumerable <string> roles = null, IEnumerable <string> perms = null)
        {
            var jwtPayload = CreateJwtPayload(session, Issuer, ExpireTokensIn, Audiences, roles, perms);

            CreatePayloadFilter?.Invoke(jwtPayload, session);

            if (EncryptPayload)
            {
                var publicKey = GetPublicKey(req);
                if (publicKey == null)
                {
                    throw new NotSupportedException("PublicKey is required to EncryptPayload");
                }

                return(CreateEncryptedJweToken(jwtPayload, publicKey.Value));
            }

            var jwtHeader = CreateJwtHeader(HashAlgorithm, GetKeyId(req));

            CreateHeaderFilter?.Invoke(jwtHeader, session);

            var hashAlgorithm = GetHashAlgorithm(req);
            var bearerToken   = CreateJwt(jwtHeader, jwtPayload, hashAlgorithm);

            return(bearerToken);
        }
        public string CreateJwtBearerToken(IAuthSession session, IEnumerable <string> roles = null, IEnumerable <string> perms = null)
        {
            var jwtPayload = CreateJwtPayload(session, Issuer, ExpireTokensIn, Audience, roles, perms);

            CreatePayloadFilter?.Invoke(jwtPayload, session);

            if (EncryptPayload)
            {
                if (PrivateKey == null || PublicKey == null)
                {
                    throw new NotSupportedException("PrivateKey is required to EncryptPayload");
                }

                return(CreateEncryptedJweToken(jwtPayload, PublicKey.Value));
            }

            var jwtHeader = CreateJwtHeader(HashAlgorithm, GetKeyId());

            CreateHeaderFilter?.Invoke(jwtHeader, session);

            Func <byte[], byte[]> hashAlgoritm = null;

            Func <byte[], byte[], byte[]> hmac;

            if (HmacAlgorithms.TryGetValue(HashAlgorithm, out hmac))
            {
                if (AuthKey == null)
                {
                    throw new NotSupportedException("AuthKey required to use: " + HashAlgorithm);
                }

                hashAlgoritm = data => hmac(AuthKey, data);
            }

            Func <RSAParameters, byte[], byte[]> rsa;

            if (RsaSignAlgorithms.TryGetValue(HashAlgorithm, out rsa))
            {
                if (PrivateKey == null)
                {
                    throw new NotSupportedException("PrivateKey required to use: " + HashAlgorithm);
                }

                hashAlgoritm = data => rsa(PrivateKey.Value, data);
            }

            if (hashAlgoritm == null)
            {
                throw new NotSupportedException("Invalid algoritm: " + HashAlgorithm);
            }

            var bearerToken = CreateJwtBearerToken(jwtHeader, jwtPayload, hashAlgoritm);

            return(bearerToken);
        }