Validate that a specified context token string is intended for this application based on the parameters specified in web.config. Parameters used from web.config used for validation include ClientId, HostedAppHostNameOverride, HostedAppHostName, ClientSecret, and Realm (if it is specified). If HostedAppHostNameOverride is present, it will be used for validation. Otherwise, if the appHostName is not null, it is used for validation instead of the web.config's HostedAppHostName. If the token is invalid, an exception is thrown. If the token is valid, TokenHelper's static STS metadata url is updated based on the token contents and a JsonWebSecurityToken based on the context token is returned.