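/// <summary>
/// Validates a Google ID token (JWT) and stores the outcome in <c>_IsTokenValid</c>.
/// </summary>
/// <param name="idToken">
/// Compact serialized JWT as received from the client. A null value is treated as invalid.
/// </param>
/// <remarks>
/// The result is only ever set to true after the handler has accepted the signature, issuer,
/// audience and lifetime. Every other path (null input, malformed token, unknown signing
/// certificate, any exception) leaves <c>_IsTokenValid</c> false, so a previous successful
/// call can never leak into a later failed one.
/// </remarks>
public void VerifyGoogleToken(string idToken)
{
    // Fail closed: reset the flag before doing anything, so a null token or an
    // unexpected early exit cannot leave a stale "true" from an earlier call.
    _IsTokenValid = false;

    if (idToken == null)
    {
        return;
    }

    try
    {
        JwtSecurityTokenHandler jsth = new JwtSecurityTokenHandler();

        // Index the locally supplied signing certificates by thumbprint. The lookup is
        // case-insensitive and culture-independent, so the key id from the token header
        // no longer needs a culture-sensitive ToUpper() before comparison.
        // NOTE(review): presumably these are Google's current signing certificates;
        // confirm how SOSCodecs obtains them and that they are refreshed on key rotation.
        Byte[][] certBytes = SOSCodecs.getGoogleCertBytes();
        Dictionary<String, X509Certificate2> certificates =
            new Dictionary<string, X509Certificate2>(StringComparer.OrdinalIgnoreCase);
        for (int i = 0; i < certBytes.Length; i++)
        {
            X509Certificate2 certificate = new X509Certificate2(certBytes[i]);
            // Indexer instead of Add: a duplicated certificate must not abort validation.
            certificates[certificate.Thumbprint] = certificate;
        }

        // Set up token validation
        TokenValidationParameters tvp = new TokenValidationParameters()
        {
            ValidateActor = false,

            // The token must have been issued for this application's client id.
            ValidateAudience = true,
            ValidAudience = ConfigProvider.ConfigurationStore.GoogleClientID,

            // NOTE(review): Google documents both "accounts.google.com" and
            // "https://accounts.google.com" as issuer values; tokens carrying the
            // latter are rejected here. Confirm whether that is intended.
            ValidateIssuer = true,
            ValidIssuer = "accounts.google.com",

            ValidateIssuerSigningKey = true,
            RequireSignedTokens = true,

            // Chain and revocation checks are disabled: trust rests entirely on the
            // certificate set loaded above, which is effectively a pin list.
            CertificateValidator = X509CertificateValidator.None,

            IssuerSigningKeyResolver = (s, securityToken, identifier, parameter) =>
            {
                // First() throws when no key identifier clause matches a known
                // thumbprint; the catch below turns that into "invalid".
                return identifier.Select(x =>
                {
                    X509Certificate2 match;
                    if (x.Id != null && certificates.TryGetValue(x.Id, out match))
                    {
                        return new X509SecurityKey(match);
                    }
                    return null;
                }).First(x => x != null);
            },

            // Enforce exp/nbf. With lifetime validation off, an expired ID token that
            // was captured or logged somewhere would be accepted indefinitely.
            ValidateLifetime = true,
            RequireExpirationTime = true,

            // Tolerance for clock drift only. The previous 12-hour window would have
            // kept expired tokens usable for half a day once lifetime checks are on.
            ClockSkew = TimeSpan.FromMinutes(5)
        };

        SecurityToken validateToken;
        ClaimsPrincipal cp = jsth.ValidateToken(idToken, tvp, out validateToken);
        _IsTokenValid = cp != null;
    }
    catch (Exception)
    {
        // Any parsing, key-resolution or validation failure means the token is not
        // trusted. NOTE(review): consider logging the exception type here so rejected
        // tokens are visible to monitoring; never log the token itself.
        _IsTokenValid = false;
    }
}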