Ensure JwtBearer settings are validated and lifetime checked

- Throw ArgumentNullException if JwtBearerSettings options are null in JwtBearerService constructor.
- Always enable token lifetime validation in JWT Bearer authentication, regardless of ExpirationTime setting.

Author: marcominerva

src/SimpleAuthentication/JwtBearer/JwtBearerService.cs

@@ -15,7 +15,7 @@ public class JwtBearerService(IOptions<JwtBearerSettings> jwtBearerSettingsOptio
     /// <summary>
     /// Gets the JWT Bearer settings used by this service.
     /// </summary>
-    protected JwtBearerSettings JwtBearerSettings { get; } = jwtBearerSettingsOptions.Value;
+    protected JwtBearerSettings JwtBearerSettings { get; } = jwtBearerSettingsOptions?.Value ?? throw new ArgumentNullException(nameof(jwtBearerSettingsOptions));
 
     /// <inheritdoc />
     public virtual Task<string> CreateTokenAsync(string userName, IList<Claim>? claims = null, string? issuer = null, string? audience = null, DateTime? absoluteExpiration = null)

src/SimpleAuthentication/SimpleAuthenticationExtensions.cs

@@ -112,7 +112,7 @@ static void CheckAddJwtBearer(AuthenticationBuilder builder, IConfigurationSecti
                     ValidateIssuerSigningKey = true,
                     IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(settings.SecurityKey)),
                     RequireExpirationTime = true,
-                    ValidateLifetime = settings.ExpirationTime.GetValueOrDefault() > TimeSpan.Zero,
+                    ValidateLifetime = true,
                     ClockSkew = settings.ClockSkew
                 };
             });