/// <summary> /// Checks whether the specified client secret is correct. /// </summary> /// <param name="secret">The secret obtained from the client.</param> /// <returns><c>true</c> if the secret matches the one in the authorization server's record for the client; <c>false</c> otherwise.</returns> /// <remarks> /// All string equality checks, whether checking secrets or their hashes, /// should be done using <see cref="DateTimeUtilities.EqualsConstantTime"/> to mitigate timing attacks. /// </remarks> bool IClientDescription.IsValidClientSecret(string secret) { return(DateTimeUtilities.EqualsConstantTime(secret, this.ClientSecret)); }