using System;

using System.Security.Cryptography;

using System.Web;

using System.Text;

​

public class Program

{

    public static void Main()

    {

        Console.WriteLine("Hello World");

        var accessToken = "TG9jYWxSb2xlVmVyc2lvblJpZD0zMDIwMCZPcmdhbml6YXRpb25PaWQ9MS4yLjI0Ni4xMC4xOTYyMzY1NC4xMC4xMSZPcmdhbml6YXRpb25JZD02NjgmRGVwYXJ0bWVudElkPWx2byZSZWdpc3RyeU9pZD0xLjIuMjQ2LjEwLjE5NjIzNjU0LjE5LjExJlJlZ2lzdHJ5VHlwZT0yJlNlY3JldElkPTc0MzkmU2Vzc2lvbklkPTEwMzAwMTEmQXV0aGVudGljYXRpb25UeXBlPVBhc3N3b3JkJlRlbmFudElkPSZJc3N1ZXI9aHR0cHM6Ly9zYi1iLWZ1dHVyZS5oY3d0ZXN0c2Fhcy5sb2NhbC9FbmRwb2ludC9FbmRwb2ludC5zdmMmQXVkaWVuY2U9dGlldG8mRXhwaXJlc09uPTE2MTQ4NDkzMTAmSE1BQ1NIQTI1Nj16M1FVcFJIQzdJQmd3bFpGQndCN0hiUnE5bjAxb3RMZFRCNWJVOXVraUp3JTNk";

        byte[] data = Convert.FromBase64String(accessToken);

        var decodedToken = Encoding.UTF8.GetString(data); 

        var _tokenHashSecret = Encoding.ASCII.GetBytes("69aff5c8-8caf-4d81-b01e-7c155d3572a6" + "abcd#37268AB5-3568-4752-8D6E-D30974A9C21E#dcba");

        var response = IsHMACValid(decodedToken, _tokenHashSecret);

        Console.WriteLine(response);

    }

​

    private static  bool IsHMACValid(string token, byte[] sha256HMACKey)

    {

        string[] swtWithSignature =  token.Split(new string[] { String.Format("&{0}=", "HMACSHA256") }, StringSplitOptions.None);

        Console.WriteLine(swtWithSignature[0]);

        if ((swtWithSignature.Length != 2))

        {

            return false;

        }

​

        using (var hmac = new HMACSHA256(sha256HMACKey))

        {

            byte[] locallyGeneratedSignatureInBytes = hmac.ComputeHash(Encoding.ASCII.GetBytes(swtWithSignature[0]));

            string locallyGeneratedSignature = HttpUtility.UrlEncode(Convert.ToBase64String(locallyGeneratedSignatureInBytes));

​

            if (null == locallyGeneratedSignature) return false;

​

            return locallyGeneratedSignature.Equals(swtWithSignature[1]);

        }

    }

}