private AuthenticationResultEx ResultFromBrokerResponse(IDictionary <string, string> responseDictionary) { TokenResponse response; if (responseDictionary.ContainsKey("error") || responseDictionary.ContainsKey("error_description")) { response = TokenResponse.CreateFromBrokerResponse(responseDictionary); } else { string expectedHash = responseDictionary["hash"]; string encryptedResponse = responseDictionary["response"]; string decryptedResponse = BrokerKeyHelper.DecryptBrokerResponse(encryptedResponse); string responseActualHash = CryptographyHelper.CreateSha256Hash(decryptedResponse); byte[] rawHash = Convert.FromBase64String(responseActualHash); string hash = BitConverter.ToString(rawHash); if (expectedHash.Equals(hash.Replace("-", ""))) { responseDictionary = EncodingHelper.ParseKeyValueList(decryptedResponse, '&', false, null); response = TokenResponse.CreateFromBrokerResponse(responseDictionary); } else { response = new TokenResponse { Error = AdalError.BrokerReponseHashMismatch, ErrorDescription = AdalErrorMessage.BrokerReponseHashMismatch }; } } var dateTimeOffset = new DateTimeOffset(new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc)); dateTimeOffset = dateTimeOffset.AddSeconds(response.ExpiresOn); return(response.GetResult(dateTimeOffset, dateTimeOffset)); }