diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/jwt/JoseHeader.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/jwt/JoseHeader.java
index aad6963..96a2e76 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/jwt/JoseHeader.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/jwt/JoseHeader.java
@@ -175,6 +175,15 @@ public final class JoseHeader {
 		return (T) getHeaders().get(name);
 	}
 
+	/**
+	 * Returns a new {@link Builder}.
+	 *
+	 * @return the {@link Builder}
+	 */
+	public static Builder builder() {
+		return new Builder();
+	}
+
 	/**
 	 * Returns a new {@link Builder}, initialized with the provided {@link JwsAlgorithm}.
 	 *
@@ -201,6 +210,9 @@ public final class JoseHeader {
 	public static final class Builder {
 		private final Map<String, Object> headers = new HashMap<>();
 
+		private Builder() {
+		}
+
 		private Builder(JwsAlgorithm jwsAlgorithm) {
 			Assert.notNull(jwsAlgorithm, "jwsAlgorithm cannot be null");
 			header(JoseHeaderNames.ALG, jwsAlgorithm);
@@ -211,6 +223,16 @@ public final class JoseHeader {
 			this.headers.putAll(headers.getHeaders());
 		}
 
+		/**
+		 * Sets the {@link JwsAlgorithm JWS algorithm} used to digitally sign the JWS.
+		 *
+		 * @param jwsAlgorithm the JWS algorithm
+		 * @return the {@link Builder}
+		 */
+		public Builder jwsAlgorithm(JwsAlgorithm jwsAlgorithm) {
+			return header(JoseHeaderNames.ALG, jwsAlgorithm);
+		}
+
 		/**
 		 * Sets the JWK Set URL that refers to the resource of a set of JSON-encoded public keys,
 		 * one of which corresponds to the key used to digitally sign the JWS or encrypt the JWE.