public override SecurityToken GetTokenFromString(string token) { // TODO: validate var items = HttpUtility.ParseQueryString(token); var issuer = items[IssuerLabel]; items.Remove(IssuerLabel); var audience = items[AudienceLabel]; items.Remove(AudienceLabel); var expiresOn = items[ExpiresOnLabel]; items.Remove(ExpiresOnLabel); var id = items[IdLabel]; items.Remove(IdLabel); var algorithm = items[SignatureAlgorithmLabel]; items.Remove(SignatureAlgorithmLabel); // Treat signature differently to avoid loosing characters like '+' in the decoding var signature = ExtractSignature(HttpUtility.UrlDecode(token)); items.Remove(SignatureLabel); byte[] signatureBytes = Convert.FromBase64String(signature); DateTime validTo = this.GetDateTimeFromExpiresOn((ulong)Convert.ToInt64(expiresOn)); var swt = new SimpleWebToken(issuer) { Audience = audience, Signature = signatureBytes, TokenValidity = validTo - DateTime.UtcNow }; if (id != null) { swt.SetId(id); } if (string.IsNullOrEmpty(algorithm)) { swt.SignatureAlgorithm = algorithm; } foreach (string key in items.AllKeys) { swt.AddClaim(key, items[key]); } swt.RawToken = token; return swt; }