/// <summary>
        /// Generate access token with a symmetric signing key.
        /// </summary>
        /// <param name="webToken">JSON web token.</param>
        /// <param name="signingKey">Symmetric signing key.</param>
        /// <returns>Self signed assertion.</returns>
        public static string GenerateAssertion(JsonWebToken webToken, string signingKey)
        {
            TokenHeader tokenHeaderContract = new TokenHeader("HS256", String.Empty);

            string tokenHeader = Base64Utils.Encode(tokenHeaderContract.EncodeToJson());
            string tokenBody   = Base64Utils.Encode(webToken.EncodeToJson());
            string rawToken    = string.Format("{0}.{1}", tokenHeader, tokenBody);

            string signature = Base64Utils.Encode(JWTTokenHelper.SignData(signingKey, rawToken));

            string accessToken = string.Format(
                "{0}.{1}",
                rawToken,
                signature);

            return(accessToken);
        }
        /// <summary>
        /// Generates a self-signed assertion.
        /// </summary>
        /// <param name="webToken">Json web token.</param>
        /// <param name="signingCert">Signing certificate.</param>
        /// <returns>Self signed assertion.</returns>
        public static string GenerateAssertion(
            JsonWebToken webToken, X509Certificate2 signingCert)
        {
            string encodedHash = Base64Utils.Encode(signingCert.GetCertHash());

            TokenHeader tokenHeaderContract = new TokenHeader("RS256", encodedHash);

            string tokenHeader = Base64Utils.Encode(tokenHeaderContract.EncodeToJson());
            string tokenBody   = Base64Utils.Encode(webToken.EncodeToJson());
            string rawToken    = string.Format("{0}.{1}", tokenHeader, tokenBody);
            string hash        = Base64Utils.Encode(JWTTokenHelper.SignData(signingCert, rawToken));

            string accessToken = string.Format(
                "{0}.{1}",
                rawToken,
                hash);

            return(accessToken);
        }