setAudience($this->getClient()->getIdentifier()) ->setId($this->getIdentifier(), true) ->setIssuedAt(time()) ->setNotBefore(time()) ->setExpiration($this->getExpiryDateTime()->getTimestamp()) ->setSubject($this->getUserIdentifier()) ->set('scopes', $this->getScopes()); if (is_null($privateKey)) { $token->sign(new HMACSHA256(), $this->getClient()->getClientSecret()); } else { $token->sign(new RSASHA256(), new Key($privateKey->getKeyPath(), $privateKey->getPassPhrase())); } return $token->getToken(); } }