diff --git a/DigitalData.Core.Security/DIExtensions.cs b/DigitalData.Core.Security/DIExtensions.cs
index 2555719..2d57ced 100644
--- a/DigitalData.Core.Security/DIExtensions.cs
+++ b/DigitalData.Core.Security/DIExtensions.cs
@@ -24,7 +24,7 @@ namespace DigitalData.Core.Security
                 _mappingProfile.Added = true;
                 return services
                     .AddAutoMapper(typeof(MappingProfile).Assembly)
-                    .AddSingleton<TokenDescriptorProvider>();
+                    .AddSingleton<TokenDescriptorMapper>();
             }
         }
 
diff --git a/DigitalData.Core.Security/Extension.cs b/DigitalData.Core.Security/Extension.cs
new file mode 100644
index 0000000..a2ac9c5
--- /dev/null
+++ b/DigitalData.Core.Security/Extension.cs
@@ -0,0 +1,19 @@
+using AutoMapper;
+using DigitalData.Core.Security.Config;
+using Microsoft.IdentityModel.Tokens;
+
+namespace DigitalData.Core.Security
+{
+    public static class Extension
+    {
+        /// <summary>
+        /// Maps a <see cref="TokenDescription"/> to a <see cref="SecurityTokenDescriptor"/>.
+        /// </summary>
+        /// <param name="mapper">The <see cref="IMapper"/> instance used for mapping.</param>
+        /// <param name="description">The <see cref="TokenDescription"/> instance to be mapped.</param>
+        /// <returns>A <see cref="SecurityTokenDescriptor"/> instance populated with the mapped values.</returns>
+        /// <exception cref="ArgumentNullException">Thrown if <paramref name="mapper"/> or <paramref name="description"/> is <c>null</c>.</exception>
+        public static SecurityTokenDescriptor Map(this IMapper mapper, TokenDescription description)
+            => mapper.Map(description, new SecurityTokenDescriptor());
+    }
+}
\ No newline at end of file
diff --git a/DigitalData.Core.Security/JwtSignatureService.cs b/DigitalData.Core.Security/JwtSignatureService.cs
index 6494af6..fc5986c 100644
--- a/DigitalData.Core.Security/JwtSignatureService.cs
+++ b/DigitalData.Core.Security/JwtSignatureService.cs
@@ -1,17 +1,18 @@
-using DigitalData.Core.Security.Config;
+using AutoMapper;
+using DigitalData.Core.Security.Config;
 using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
 
 namespace DigitalData.Core.Security
 {
-    public class JwtSignatureService<TPrincipal>(IOptions<ClaimDescriptor<TPrincipal>> claimDescriptorOptions, TokenDescriptorProvider descriptorProvider) : JwtSecurityTokenHandler
+    public class JwtSignatureService<TPrincipal>(IOptions<ClaimDescriptor<TPrincipal>> claimDescriptorOptions, IMapper mapper) : JwtSecurityTokenHandler
     {
         private readonly ClaimDescriptor<TPrincipal> _claimDescriptor = claimDescriptorOptions.Value;
 
         public SecurityToken CreateToken(TPrincipal subject, TokenDescription description)
         {
-            var descriptor = descriptorProvider.Create(description: description);
+            var descriptor = mapper.Map(description);
             descriptor.Claims = _claimDescriptor.CreateClaims?.Invoke(subject);
             descriptor.Subject = _claimDescriptor.CreateSubject?.Invoke(subject);
             return CreateToken(descriptor);
diff --git a/DigitalData.Core.Security/TokenDescriptorProvider.cs b/DigitalData.Core.Security/TokenDescriptorProvider.cs
deleted file mode 100644
index a29a024..0000000
--- a/DigitalData.Core.Security/TokenDescriptorProvider.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-using AutoMapper;
-using DigitalData.Core.Security.Config;
-using Microsoft.IdentityModel.Tokens;
-
-namespace DigitalData.Core.Security
-{
-    public class TokenDescriptorProvider(IMapper mapper)
-    {
-        public SecurityTokenDescriptor Create(TokenDescription description)
-            => mapper.Map(description, new SecurityTokenDescriptor());
-    }
-}
\ No newline at end of file