private JwsDescriptor CreateJws(JwtObject header) { var jws = new JwsDescriptor(header, _jsonPayload !); if (_signingKey != null) { var alg = _signingKey.SignatureAlgorithm ?? _algorithm; if (alg is null) { throw new InvalidOperationException($"No algorithm is defined for the signature. Set the 'SignatureAlgorithm' property on the signing key, or specify a '{nameof(SignatureAlgorithm)}' to the '{nameof(SignWith)}' method."); } if (alg == SignatureAlgorithm.None) { throw new InvalidOperationException($"The algorithm 'none' defined with a signing key. Specify either a signing with with a {nameof(SignatureAlgorithm)} different of 'none', or specify the {nameof(SignatureAlgorithm)} 'none' without signing key."); } jws.SigningKey = _signingKey; if (_algorithm != null) { jws.Algorithm = _algorithm; } } else if (_noSignature) { jws.Algorithm = SignatureAlgorithm.None; } else { ThrowHelper.ThrowInvalidOperationException_NoSigningKeyDefined(); } if (_automaticId) { jws.JwtId = Guid.NewGuid().ToString("N"); } if (_expireAfter.HasValue) { jws.ExpirationTime = DateTime.UtcNow.AddSeconds(_expireAfter.Value); } if (_notBefore.HasValue) { jws.NotBefore = DateTime.UtcNow.AddSeconds(_notBefore.Value); } if (_automaticIssuedAt) { jws.IssuedAt = DateTime.UtcNow; } return(jws); }