diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JoseHeader.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JoseHeader.java
index d5eafebdc55..71deb507235 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JoseHeader.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JoseHeader.java
@@ -176,6 +176,14 @@ public <T> T getHeader(String name) {
 		return (T) getHeaders().get(name);
 	}
 
+	/**
+	 * Returns a new {@link Builder}.
+	 * @return the {@link Builder}
+	 */
+	public static Builder builder() {
+		return new Builder();
+	}
+
 	/**
 	 * Returns a new {@link Builder}, initialized with the provided {@link JwaAlgorithm}.
 	 * @param jwaAlgorithm the {@link JwaAlgorithm}
@@ -201,6 +209,9 @@ public static final class Builder {
 
 		private final Map<String, Object> headers = new HashMap<>();
 
+		private Builder() {
+		}
+
 		private Builder(JwaAlgorithm jwaAlgorithm) {
 			Assert.notNull(jwaAlgorithm, "jwaAlgorithm cannot be null");
 			header(JoseHeaderNames.ALG, jwaAlgorithm);
@@ -211,6 +222,16 @@ private Builder(JoseHeader headers) {
 			this.headers.putAll(headers.getHeaders());
 		}
 
+		/**
+		 * Sets the {@link JwaAlgorithm JWA algorithm} used to digitally sign the JWS or
+		 * encrypt the JWE.
+		 * @param jwaAlgorithm the {@link JwaAlgorithm}
+		 * @return the {@link Builder}
+		 */
+		public Builder algorithm(JwaAlgorithm jwaAlgorithm) {
+			return header(JoseHeaderNames.ALG, jwaAlgorithm);
+		}
+
 		/**
 		 * Sets the JWK Set URL that refers to the resource of a set of JSON-encoded
 		 * public keys, one of which corresponds to the key used to digitally sign the JWS