/// <summary>
        /// Decodes the specified token.
        /// </summary>
        /// <param name="token">The token.</param>
        /// <returns>The decoded token; Or null if it's invalid.</returns>
        private static Token Decode(string token)
        {
            var parts = token?.Split('.') ?? new string[0];

            using (var hash = new HMACSHA256(Settings.ValidationKey))
            {
                if (parts.Length != 3 || parts[0] != Header || Base64UrlEncoder.Encode(hash.ComputeHash(Encoding.Default.GetBytes($"{parts[0]}.{parts[1]}"))) != parts[2])
                {
                    return(null);
                }

                var payload = JsonConvert.DeserializeObject <Token>(Base64UrlEncoder.DecodeString(parts[1]));
                if (payload.Issuer != Issuer || Epoch.AddSeconds(payload.Expiration) < DateTime.UtcNow)
                {
                    return(null);
                }

                return(payload);
            }
        }