using System.Security.Cryptography;
public static void Main()
Console.WriteLine("Hello World");
var accessToken = "TG9jYWxSb2xlVmVyc2lvblJpZD0zMDIwMCZPcmdhbml6YXRpb25PaWQ9MS4yLjI0Ni4xMC4xOTYyMzY1NC4xMC4xMSZPcmdhbml6YXRpb25JZD02NjgmRGVwYXJ0bWVudElkPWx2byZSZWdpc3RyeU9pZD0xLjIuMjQ2LjEwLjE5NjIzNjU0LjE5LjExJlJlZ2lzdHJ5VHlwZT0yJlNlY3JldElkPTc0MzkmU2Vzc2lvbklkPTEwMzAwMTEmQXV0aGVudGljYXRpb25UeXBlPVBhc3N3b3JkJlRlbmFudElkPSZJc3N1ZXI9aHR0cHM6Ly9zYi1iLWZ1dHVyZS5oY3d0ZXN0c2Fhcy5sb2NhbC9FbmRwb2ludC9FbmRwb2ludC5zdmMmQXVkaWVuY2U9dGlldG8mRXhwaXJlc09uPTE2MTQ4NDkzMTAmSE1BQ1NIQTI1Nj16M1FVcFJIQzdJQmd3bFpGQndCN0hiUnE5bjAxb3RMZFRCNWJVOXVraUp3JTNk";
byte[] data = Convert.FromBase64String(accessToken);
var decodedToken = Encoding.UTF8.GetString(data);
var _tokenHashSecret = Encoding.ASCII.GetBytes("69aff5c8-8caf-4d81-b01e-7c155d3572a6" + "abcd#37268AB5-3568-4752-8D6E-D30974A9C21E#dcba");
var response = IsHMACValid(decodedToken, _tokenHashSecret);
Console.WriteLine(response);
private static bool IsHMACValid(string token, byte[] sha256HMACKey)
string[] swtWithSignature = token.Split(new string[] { String.Format("&{0}=", "HMACSHA256") }, StringSplitOptions.None);
Console.WriteLine(swtWithSignature[0]);
if ((swtWithSignature.Length != 2))
using (var hmac = new HMACSHA256(sha256HMACKey))
byte[] locallyGeneratedSignatureInBytes = hmac.ComputeHash(Encoding.ASCII.GetBytes(swtWithSignature[0]));
string locallyGeneratedSignature = HttpUtility.UrlEncode(Convert.ToBase64String(locallyGeneratedSignatureInBytes));
if (null == locallyGeneratedSignature) return false;
return locallyGeneratedSignature.Equals(swtWithSignature[1]);