#aaronpk[dmitshur]: I'm not sure I understand what you're trying to do. The verification should be pretty straightforward, you do the same sha256 calculation of the value you get in the token request and compare the hash with what came in the request