/// <summary>Validates the authorization code.</summary>
        /// <exception cref="ArgumentNullException">Thrown when code is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the JWT does not contain a c_hash claim.
        /// </exception>
        /// <param name="jwt">The token to act on.</param>
        /// <param name="code">The code.</param>
        /// <returns>true if it succeeds, false if it fails.</returns>
        public static bool ValidateAuthorizationCode(this JsonWebToken jwt, string code)
        {
            if (string.IsNullOrEmpty(code))
            {
                throw new ArgumentNullException(nameof(code));
            }

            var hash = jwt.Payload.FirstOrDefault(x => x.Key == "c_hash");

            if (hash.Value == null)
            {
                throw new InvalidOperationException("The JWT does not contain a c_hash claim. It is required to validate authentication codes.");
            }

            var validator = new TokenValidator();

            return(validator.ValidateAuthorizationCodeHash(code, hash.Value.ToString(), jwt.Header.Algorithm));
        }