private bool AuthEmailHeaderIsValid(ResourceOwnerPasswordValidationContext context) { if (!_currentContext.HttpContext.Request.Headers.ContainsKey("Auth-Email")) { return(false); } else { try { var authEmailHeader = _currentContext.HttpContext.Request.Headers["Auth-Email"]; var authEmailDecoded = CoreHelpers.Base64UrlDecodeString(authEmailHeader); if (authEmailDecoded != context.UserName) { return(false); } } catch (System.Exception e) when(e is System.InvalidOperationException || e is System.FormatException) { // Invalid B64 encoding return(false); } } return(true); }