/// <summary>
        /// Builds a sample <see cref="SimpleWebToken"/> issued by "TokenIssuer" with a fixed
        /// set of name, e-mail and role claims, and returns its serialized form.
        /// </summary>
        /// <param name="audience">Intended audience of the token; not read by this method.</param>
        /// <param name="credentials">Caller credentials; not read by this method.</param>
        /// <returns>The string produced by <c>SimpleWebToken.ToString()</c>.</returns>
        public string GetToken(string audience, string credentials)
        {
            // NOTE(review): neither parameter is inspected, so every caller receives the same
            // claims, including the "Administrator" role. The original author marks this as a
            // deliberate shortcut; a real issuer has to authenticate the credentials first.

            // NOTE(review): the shared key is a literal in source and is never read below.
            // Per the original comment the issuer and the relying party share this key and a
            // real issuer would look it up per audience; keep key material out of source control.
            string key = "qqO5yXcbijtAdYmS2Otyzeze2XQedqy+Tp37wQ3sgTQ=";

            var swt = new SimpleWebToken();
            swt.Issuer = "TokenIssuer";

            swt.AddClaim(ClaimTypes.Name, "Badri");
            swt.AddClaim(ClaimTypes.Email, "*****@*****.**");

            // Two role claims are added under the same claim type, in this order.
            foreach (string role in new[] { "Developer", "Administrator" })
            {
                swt.AddClaim(ClaimTypes.Role, role);
            }

            string serialized = swt.ToString();
            return serialized;
        }
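        /// <summary>
        /// Parses a form-encoded simple web token, checks its HMACSHA256 signature and its
        /// expiry, and returns the populated <see cref="SimpleWebToken"/>.
        /// </summary>
        /// <param name="token">Token text in query-string form (name=value pairs joined by '&amp;').</param>
        /// <returns>The parsed token, once the signature and expiry checks have passed.</returns>
        /// <exception cref="SecurityTokenValidationException">
        /// The token carries no HMACSHA256 field, or the recomputed signature differs from it.
        /// </exception>
        /// <exception cref="SecurityTokenException">ExpiresOn is earlier than the current UTC time.</exception>
        public static SimpleWebToken Parse(string token)
        {
            NameValueCollection items = HttpUtility.ParseQueryString(token);
            var swt = new SimpleWebToken();

            foreach (string key in items.AllKeys)
            {
                string item = items[key];
                switch (key)
                {
                    case "Issuer":
                        swt.Issuer = item;
                        break;
                    case "Audience":
                        swt.Audience = item;
                        break;
                    case "ExpiresOn":
                        // NOTE(review): a malformed value surfaces as the exception thrown by
                        // ulong.Parse rather than as a SecurityTokenException.
                        swt.ExpiresOn = ulong.Parse(item);
                        break;
                    case "HMACSHA256":
                        swt.Signature =
                            Convert.FromBase64String(item);
                        break;
                    default:
                        // Every other field is treated as a claim.
                        swt.AddClaim(key, items[key]);
                        break;
                }
            }

            // An unsigned token used to fail later inside Convert.ToBase64String(null) with an
            // ArgumentNullException; reject it explicitly as a validation failure instead.
            if (swt.Signature == null)
            {
                throw new SecurityTokenValidationException("Signature is invalid");
            }

            // Per the original comment, ToString() computes the HMAC over the parsed fields,
            // so re-serializing yields the signature this token should carry.
            string rawToken = swt.ToString();
            string computedSignature = HttpUtility.ParseQueryString(rawToken)
                ["HMACSHA256"];
            string presentedSignature = Convert.ToBase64String(swt.Signature);

            // Compare without an early exit so the time taken does not depend on how many
            // leading characters of a presented signature happen to be correct.
            if (!SignaturesMatch(computedSignature, presentedSignature))
            {
                throw new SecurityTokenValidationException("Signature is invalid");
            }

            TimeSpan ts = DateTime.UtcNow - EpochStart;

            if (swt.ExpiresOn < Convert.ToUInt64(ts.TotalSeconds))
            {
                throw new SecurityTokenException("Token has expired");
            }

            return swt;
        }

        // Ordinal string equality that always walks the full common length; a null on either
        // side counts as a mismatch. Only the lengths, which are not secret, affect timing.
        private static bool SignaturesMatch(string expected, string presented)
        {
            if (expected == null || presented == null)
            {
                return false;
            }

            int difference = expected.Length ^ presented.Length;
            int common = Math.Min(expected.Length, presented.Length);

            for (int i = 0; i < common; i++)
            {
                difference |= expected[i] ^ presented[i];
            }

            return difference == 0;
        }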
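        /// <summary>
        /// Stores a new user with a starting credit balance of 20 and, when the stored row can
        /// be read back by Facebook id, puts a local token in the "Authorization" response header.
        /// </summary>
        /// <param name="user">User to create; Id, timestamps and CreditBalance are overwritten here.</param>
        /// <returns>
        /// The user found by Facebook id after saving, or <c>null</c> when the phone number is
        /// missing (the response is then set to 400) or no matching row is found.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        public User AddNewUser(User user)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            user.Id = Guid.NewGuid();
            user.CreatedDateTime = DateTime.UtcNow;
            user.LastUpdatedDateTime = DateTime.UtcNow;

            // NOTE(review): the duplicate-user check described by the original author is not
            // implemented; every call grants the 20 starting credits.
            user.CreditBalance = 20;

            if (string.IsNullOrEmpty(user.Phone))
            {
                HttpContext.Current.Response.StatusCode = (int)HttpStatusCode.BadRequest;
                HttpContext.Current.Response.Output.WriteLine("Missing Phone Number");

                // Stop here: previously the request was reported as bad but the user was
                // still saved and handed a token.
                return null;
            }

            // NOTE(review): phone-number format and SMS auth-code verification are still
            // unimplemented, so account creation is not tied to proof of phone ownership.

            _dbContext.Users.Add(user);
            _dbContext.SaveChanges();

            // NOTE(review): the lookup is by FacebookId, not by the Id just assigned; if another
            // row shares that FacebookId (or it is null) this may return a different record
            // than the one inserted, while the token below carries user.Id. Confirm intent.
            var dbUser = _dbContext.Users.FirstOrDefault(u => u.FacebookId == user.FacebookId);

            // Generate the local-domain token for the user.
            if (dbUser != null)
            {
                // NOTE(review): only the "id" and "fbid" claims are set here; no issuer,
                // audience or expiry is assigned in this method. Verify that SimpleWebToken
                // supplies them.
                var swt = new SimpleWebToken();
                swt.AddClaim("id", user.Id.ToString());
                swt.AddClaim("fbid", user.FacebookId);
                var computedToken = swt.ToString();
                HttpContext.Current.Response.Headers.Add("Authorization", computedToken);
            }

            return dbUser;
        }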
        /// <summary>
        /// Returns at most one user whose Facebook id equals <c>_facebookId</c> and, when one
        /// is found, writes a local token for that user to the "Authorization" response header.
        /// </summary>
        /// <returns>A list holding the matching user, or an empty list when there is none.</returns>
        public List<User> GetAllUsers()
        {
            // Despite the method name, the query is limited to the current Facebook id and
            // to a single row.
            var matches = _dbContext.Users
                .Where(u => u.FacebookId == _facebookId)
                .Take(1)
                .ToList();

            if (matches.Count == 0)
            {
                return matches;
            }

            // Build the local-domain token from the row that was found.
            // NOTE(review): only the "id" and "fbid" claims are set here; no issuer, audience
            // or expiry is assigned in this method. Verify that SimpleWebToken supplies them.
            var current = matches[0];
            var localToken = new SimpleWebToken();
            localToken.AddClaim("id", current.Id.ToString());
            localToken.AddClaim("fbid", current.FacebookId);

            HttpContext.Current.Response.Headers.Add("Authorization", localToken.ToString());

            return matches;
        }