protected AuthenticateResult HandleAuthenticateSync()
        {
            if (!Request.Headers.TryGetValue("Authorization", out var headerRow))
            {
                return(AuthenticateResult.NoResult());
            }
            if (!AuthenticationHeaderValue.TryParse(headerRow.ToString(), out var header))
            {
                return(AuthenticateResult.NoResult());
            }
            if (header.Scheme != "TelegramWidget")
            {
                return(AuthenticateResult.NoResult());
            }

            byte[] infoInBase64;
            try
            {
                infoInBase64 = Convert.FromBase64String(header.Parameter);
            }
            catch
            {
                return(AuthenticateResult.Fail($"invalid base64 content"));
            }

            var jsonParam = Encoding.UTF8.GetString(infoInBase64);
            TelegramUserInfo userInfo;

            try
            {
                userInfo = JsonSerializer.Deserialize <TelegramUserInfo>(jsonParam);
            }
            catch
            {
                return(AuthenticateResult.Fail($"invalid json content in base64 string"));
            }

            var loginWidget = new LoginWidget(telegramBotOptions.Value.AccessToken)
            {
                AllowedTimeOffset = (long)TimeSpan.FromDays(10).TotalSeconds
            };
            var userInfoAsDictionary = ReadUserInfoAsDictionary(userInfo);

            var authResult = loginWidget.CheckAuthorization(userInfoAsDictionary);

            if (authResult != Authorization.Valid)
            {
                return(AuthenticateResult.Fail($"Incorrect telegram info: {authResult}"));
            }
            var tgIdentity        = TelegramWidgetClaimsIdentityGenerator.GetIdentityForUserInfo(userInfo);
            var internalPrincipal = internalClaimsIdentityGenerator.Generate(userInfo);

            var principal = new ClaimsPrincipal(new ClaimsIdentity[] { tgIdentity, internalPrincipal });

            return(AuthenticateResult.Success(new AuthenticationTicket(principal, AuthenticationSchemeConstants.TelegramWidgetAuthenticationScheme)));
        }
        private async Task <ClaimsPrincipal> GetPrincipal()
        {
            var version = await localStorage.GetItemAsync <string>("version");

            var correctVersion = configuration.GetSection("Version").Value;

            if (version != correctVersion)
            {
                await localStorage.ClearAsync();

                await localStorage.SetItemAsync(nameof(version), correctVersion);
            }
            try
            {
                var telegramUserInfo = await localStorage.GetItemAsync <TelegramUserInfo>("telegramUserInfo");

                if (telegramUserInfo == null)
                {
                    Console.WriteLine("no user info");
                    return(new ClaimsPrincipal());
                }
                else
                {
                    var(success, claims) = await TryGetInternalClaims(telegramUserInfo);

                    if (success)
                    {
                        var tgIdentity       = TelegramWidgetClaimsIdentityGenerator.GetIdentityForUserInfo(telegramUserInfo);
                        var internalIdentity = new ClaimsIdentity(claims, InternalClaimConstants.IDENTITY_AUTH_TYPE);

                        return(new ClaimsPrincipal(new ClaimsIdentity[] { tgIdentity, internalIdentity }));
                    }
                    else
                    {
                        Console.WriteLine("can't login");

                        return(new ClaimsPrincipal());
                    }
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine("exception");
                Console.WriteLine(ex);
                return(new ClaimsPrincipal());
            }
        }