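// Requires: using System; using System.Globalization;
private void DecodeJWT(string token, IAccount account, ref IAuthContext authContext)
{
    // Only the token string is passed in (no key material), so the claims read
    // below are decoded, not signature-verified, by this method.
    JwtPayload jwtPayload = JwtHelpers.DecodeToObject<JwtPayload>(token);

    // Extra checks apply only when the caller supplied the access token.
    if (authContext.AuthType == AuthenticationType.UserProvidedAccessToken)
    {
        // Reject a token that could not be decoded into a payload.
        if (jwtPayload == null)
        {
            throw new Exception(string.Format(
                CultureInfo.CurrentCulture,
                ErrorConstants.Message.InvalidUserProvidedToken,
                nameof(AccessToken)));
        }

        // Treat the token as expired if it expires within the buffer window.
        if (jwtPayload.Exp <= JwtHelpers.ConvertToUnixTimestamp(
                DateTime.UtcNow + TimeSpan.FromMinutes(Constants.TokenExpirationBufferInMinutes)))
        {
            throw new Exception(string.Format(
                CultureInfo.CurrentCulture,
                ErrorConstants.Message.ExpiredUserProvidedToken,
                nameof(AccessToken)));
        }
    }

    // Populate the auth context from the token claims, falling back to the
    // existing context or account values when a claim is absent.
    authContext.ClientId = jwtPayload?.Appid ?? authContext.ClientId;
    // "scp" is a space-separated scope string; fall back to "roles" when it is absent.
    authContext.Scopes = jwtPayload?.Scp?.Split(' ') ?? jwtPayload?.Roles;
    authContext.TenantId = jwtPayload?.Tid ?? account?.HomeAccountId?.TenantId;
    authContext.AppName = jwtPayload?.AppDisplayname;
    authContext.Account = jwtPayload?.Upn ?? account?.Username;
}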