Validate absoluteExpiration is not in the past for JWTs

Add a check to ensure absoluteExpiration is not earlier than the current UTC time when creating a JWT token. Throw an ArgumentException if an invalid expiration is provided to prevent issuing already-expired tokens.

Author: marcominerva

src/SimpleAuthentication/JwtBearer/JwtBearerService.cs

@@ -20,12 +20,17 @@ public class JwtBearerService(IOptions<JwtBearerSettings> jwtBearerSettingsOptio
     /// <inheritdoc />
     public virtual Task<string> CreateTokenAsync(string userName, IList<Claim>? claims = null, string? issuer = null, string? audience = null, DateTime? absoluteExpiration = null)
     {
+        var now = DateTime.UtcNow;
+
+        if (absoluteExpiration.HasValue && absoluteExpiration.Value < now)
+        {
+            throw new ArgumentException("The expiration date must be greater than or equal to the current date and time.", nameof(absoluteExpiration));
+        }
+
         claims ??= [];
         claims.Update(JwtBearerSettings.NameClaimType, userName);
         claims.Update(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString());
 
-        var now = DateTime.UtcNow;
-
         var securityTokenDescriptor = new SecurityTokenDescriptor()
         {
             Subject = new ClaimsIdentity(claims, JwtBearerSettings.SchemeName, JwtBearerSettings.NameClaimType, JwtBearerSettings.RoleClaimType),