public static async Task <GoogleUserProfile> Authorize(string token, ILog logger) { var debugSetting = WebConfigurationManager.AppSettings["debug"]; var debug = bool.Parse(debugSetting); if (debug) { logger.Info($"Token: {token}"); } var client = new HttpClient(); var url = string.Format(Endpoint, token); var response = client.GetAsync(url); var data = await response.Result.Content.ReadAsStringAsync(); TokenResponse tokenResponse; try { tokenResponse = JsonConvert.DeserializeObject <TokenResponse>(data); } catch (JsonSerializationException) { return(null); } //EXP(iry) should not be passed var unixNow = TimeConversion.GetUnixNow(); if (tokenResponse.Exp < unixNow) { logger.Info($"Token expired."); return(null); } //AUD(ience) has to be valid ClientId of our application if (tokenResponse.Aud == null) { return(null); } if (tokenResponse.Aud.Contains(ClientIdIos) || tokenResponse.Aud.Contains(ClientIdAndroid) || tokenResponse.Aud.Contains(ClientIdWeb)) { var email = Regex.Match(tokenResponse.Email, "@(.*)$"); if (email.Success && email.Groups[1].Value == "hr.nl") { //If everything is okay: login logger.Info($"Logged in!"); return(new GoogleUserProfile(tokenResponse)); } logger.Info("Not an @hr.nl email address"); return(null); } //If validation fails, return null logger.Info("Invalid audience."); return(null); }