iguigova/Shopify Multipass

## Shopify Multipass
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

namespace Logon.IdPx.Shopify
{
    // https://shopify.dev/api/admin/rest/reference/plus/multipass
    // https://bitbucket.org/logonlabs/breadbutter-shopify-poc/src/master/shopify/multipass.js
    // https://stackoverflow.com/questions/44782910/aes128-decryption-in-c-sharp

    public class Shopify
    {
        protected readonly string _storeUrl;
        protected readonly string _storeMultipassSecret;

        protected readonly byte[] _encryptionKey;
        protected readonly AesManaged _encryptionAES;

        protected readonly byte[] _signingKey;
        protected readonly HMACSHA256 _signingAlg;

        public Shopify(string storeUrl, string storeMultipassSecret)
        {
            _storeUrl = storeUrl;
            _storeMultipassSecret = storeMultipassSecret;

            var hash = new SHA256Managed().ComputeHash(Encoding.UTF8.GetBytes(_storeMultipassSecret));

            _encryptionKey = hash.Slice(0, 16);
            _encryptionAES = new AesManaged
            {
                BlockSize = 128,
                KeySize = 128,
                Key = _encryptionKey,
                Mode = CipherMode.CBC,
                Padding = PaddingMode.PKCS7
            };
            _encryptionAES.GenerateIV();

            _signingKey = hash.Slice(16, 16);
            _signingAlg = new HMACSHA256(_signingKey);
        }

        public string GetMultipassTokenUrl(string json)
        {
            var cipher = Encrypt(Encoding.UTF8.GetBytes(json));
            var signature = _signingAlg.ComputeHash(cipher);

            var token = Convert.ToBase64String(cipher.Concat(signature).ToArray()).Replace('+', '-').Replace('/', '_');

            return $"{_storeUrl}/account/login/multipass/{token}";
        }

        protected byte[] Encrypt(byte[] message)
        {
            return _encryptionAES.IV.Concat(_encryptionAES.CreateEncryptor().TransformFinalBlock(message, 0, message.Length)).ToArray();
        }
    }
}
	using System;
	using System.Linq;
	using System.Security.Cryptography;
	using System.Text;

	namespace Logon.IdPx.Shopify
	{
	// https://shopify.dev/api/admin/rest/reference/plus/multipass
	// https://bitbucket.org/logonlabs/breadbutter-shopify-poc/src/master/shopify/multipass.js
	// https://stackoverflow.com/questions/44782910/aes128-decryption-in-c-sharp

	public class Shopify
	{
	protected readonly string _storeUrl;
	protected readonly string _storeMultipassSecret;

	protected readonly byte[] _encryptionKey;
	protected readonly AesManaged _encryptionAES;

	protected readonly byte[] _signingKey;
	protected readonly HMACSHA256 _signingAlg;

	public Shopify(string storeUrl, string storeMultipassSecret)
	{
	_storeUrl = storeUrl;
	_storeMultipassSecret = storeMultipassSecret;

	var hash = new SHA256Managed().ComputeHash(Encoding.UTF8.GetBytes(_storeMultipassSecret));

	_encryptionKey = hash.Slice(0, 16);
	_encryptionAES = new AesManaged
	{
	BlockSize = 128,
	KeySize = 128,
	Key = _encryptionKey,
	Mode = CipherMode.CBC,
	Padding = PaddingMode.PKCS7
	};
	_encryptionAES.GenerateIV();

	_signingKey = hash.Slice(16, 16);
	_signingAlg = new HMACSHA256(_signingKey);
	}

	public string GetMultipassTokenUrl(string json)
	{
	var cipher = Encrypt(Encoding.UTF8.GetBytes(json));
	var signature = _signingAlg.ComputeHash(cipher);

	var token = Convert.ToBase64String(cipher.Concat(signature).ToArray()).Replace('+', '-').Replace('/', '_');

	return $"{_storeUrl}/account/login/multipass/{token}";
	}

	protected byte[] Encrypt(byte[] message)
	{
	return _encryptionAES.IV.Concat(_encryptionAES.CreateEncryptor().TransformFinalBlock(message, 0, message.Length)).ToArray();
	}
	}
	}