/// <summary>
/// Decodes the specified token.
/// </summary>
/// <param name="token">The token.</param>
/// <returns>The decoded token; Or null if it's invalid.</returns>
private static Token Decode(string token)
{
var parts = token?.Split('.') ?? new string[0];
using (var hash = new HMACSHA256(Settings.ValidationKey))
{
if (parts.Length != 3 || parts[0] != Header || Base64UrlEncoder.Encode(hash.ComputeHash(Encoding.Default.GetBytes($"{parts[0]}.{parts[1]}"))) != parts[2])
{
return(null);
}
var payload = JsonConvert.DeserializeObject <Token>(Base64UrlEncoder.DecodeString(parts[1]));
if (payload.Issuer != Issuer || Epoch.AddSeconds(payload.Expiration) < DateTime.UtcNow)
{
return(null);
}
return(payload);
}
}
