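/// <summary>
/// Parses a form-encoded Simple Web Token string into a <see cref="SimpleWebToken"/>.
/// </summary>
/// <remarks>
/// This method only parses. Nothing in it verifies the signature, the issuer, the
/// audience or the expiry, so every value on the returned token (including the claims)
/// is untrusted input until the caller has validated the token.
/// </remarks>
/// <param name="token">The serialized token, as name=value pairs joined by '&amp;'.</param>
/// <returns>The populated token, with <c>RawToken</c> set to the input string.</returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
/// <exception cref="FormatException">
/// The ExpiresOn field is missing or is not a plain unsigned decimal number, or the
/// signature is not valid Base64.
/// </exception>
/// <exception cref="OverflowException">The ExpiresOn value does not fit in 64 bits.</exception>
public override SecurityToken GetTokenFromString(string token)
        {
            // ParseQueryString URL-decodes every name and value and throws
            // ArgumentNullException when token is null.
            var items = HttpUtility.ParseQueryString(token);

            // Pull out the well-known fields; each one is removed so that only the
            // remaining pairs are copied into the claim set further down.
            var issuer = items[IssuerLabel];
            items.Remove(IssuerLabel);
            var audience = items[AudienceLabel];
            items.Remove(AudienceLabel);
            var expiresOn = items[ExpiresOnLabel];
            items.Remove(ExpiresOnLabel);
            var id = items[IdLabel];
            items.Remove(IdLabel);
            var algorithm = items[SignatureAlgorithmLabel];
            items.Remove(SignatureAlgorithmLabel);

            // Treat signature differently to avoid losing characters like '+' in the decoding.
            // NOTE(review): UrlDecode itself maps '+' to a space, so this relies on
            // ExtractSignature (not visible here) to recover the Base64 text - confirm.
            var signature = ExtractSignature(HttpUtility.UrlDecode(token));
            items.Remove(SignatureLabel);

            byte[] signatureBytes = Convert.FromBase64String(signature);

            // A token without an expiry must not be accepted. Previously a missing value
            // was read as 0 and a negative value wrapped to a huge unsigned number through
            // the (ulong) cast; both are rejected here instead.
            if (expiresOn == null)
            {
                throw new FormatException("The token does not contain an expiry value.");
            }

            // Digits only, culture-invariant: no sign, no whitespace, no separators.
            ulong expiresOnSeconds = ulong.Parse(
                expiresOn,
                System.Globalization.NumberStyles.None,
                System.Globalization.CultureInfo.InvariantCulture);
            DateTime validTo = this.GetDateTimeFromExpiresOn(expiresOnSeconds);

            var swt = new SimpleWebToken(issuer)
            {
                Audience = audience,
                Signature = signatureBytes,
                // Negative when the token has already expired; rejecting it is left to
                // the code that validates the token.
                TokenValidity = validTo - DateTime.UtcNow
            };

            if (id != null)
            {
                swt.SetId(id);
            }

            // Fixed: the condition was inverted, so the algorithm named in the token was
            // dropped whenever it was present and only null/empty was ever assigned.
            if (!string.IsNullOrEmpty(algorithm))
            {
                swt.SignatureAlgorithm = algorithm;
            }

            // Every remaining name/value pair becomes a claim. These are caller-supplied
            // and unverified at this point.
            foreach (string key in items.AllKeys)
            {
                swt.AddClaim(key, items[key]);
            }

            // Keep the exact serialized form alongside the parsed fields.
            swt.RawToken = token;

            return swt;
        }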