diff --git a/DigitalData.Core.Security/JwtSignatureService.cs b/DigitalData.Core.Security/JwtSignatureService.cs
new file mode 100644
index 0000000..2aa5b29
--- /dev/null
+++ b/DigitalData.Core.Security/JwtSignatureService.cs
@@ -0,0 +1,30 @@
+using DigitalData.Core.Security.Config;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
+using System.IdentityModel.Tokens.Jwt;
+
+namespace DigitalData.Core.Security
+{
+    public class JwtSignatureService<TPrincipal> : JwtSecurityTokenHandler
+    {
+        private readonly ClaimDescriptor<TPrincipal> _claimDescriptor;
+
+        private readonly TokenDescriptorProvider _descriptorProvider;
+
+        public JwtSignatureService(IOptions<ClaimDescriptor<TPrincipal>> claimDescriptorOptions, TokenDescriptorProvider descriptorProvider)
+        {
+            _claimDescriptor = claimDescriptorOptions.Value;
+            _descriptorProvider = descriptorProvider;
+        }
+
+        public SecurityToken CreateToken(TPrincipal subject, TokenDescription description)
+        {
+            var descriptor = _descriptorProvider.Create(description: description);
+            descriptor.Claims = _claimDescriptor.CreateClaims?.Invoke(subject);
+            descriptor.Subject = _claimDescriptor.CreateSubject?.Invoke(subject);
+            return CreateToken(descriptor);
+        }
+
+        public string CreateAndWriteToken(TPrincipal subject, TokenDescription description) => WriteToken(CreateToken(subject, description));
+    }
+}
\ No newline at end of file