public async Task <Token> GetTokenAsync(string tokenId, string applicationKey) { if (string.IsNullOrEmpty(tokenId)) { throw new ArgumentException("TokenId is required", nameof(tokenId)); } if (string.IsNullOrEmpty(applicationKey)) { throw new ArgumentException("Application key is required", nameof(applicationKey)); } var token = await _tokenStorage.GetAndDeleteAsync(tokenId); var externalApplication = await _externalApplicationStorage.GetFromApplicationKeyAsync(applicationKey); if (externalApplication.Active && externalApplication.ExternalApplicationId == token.ExternalApplicationId && token.Created.AddSeconds(15) >= DateTimeOffset.Now) { return(token); } throw new AuthenticationException($"Authentication failed for token id {tokenId} and application key {applicationKey}"); }