Skip to content
Duende Software Docs
Livestream: Token management: Applying the Duende Backend for Frontend Pattern (BFF) Security Framework. Register now.

Grant Validation Result

Duende.IdentityServer.Validation.GrantValidationResult

Section titled “Duende.IdentityServer.Validation.GrantValidationResult”

The GrantValidationResult class models the outcome of grant validation for extensions grants and resource owner password grants.

It models either a successful validation result with claims (e.g. subject ID) or an invalid result with an error code and message, e.g.:

public class ExtensionGrantValidator : IExtensionGrantValidator
{
    public Task ValidateAsync(ExtensionGrantValidationContext context)
    {
        // some validation steps


        if (success)
        {
            context.Result = new GrantValidationResult(
                subject: "818727",
                authenticationMethod: "custom",
                claims: extraClaims);
        }
        else
        {
            // custom error message
            context.Result = new GrantValidationResult(
                TokenRequestErrors.InvalidGrant,
                "invalid custom credential");
        }


        return Task.CompletedTask;
    }
}

It also allows passing additional custom values that will be included in the token response, e.g.:

context.Result = new GrantValidationResult(
    subject: "818727",
    authenticationMethod: "custom",
    customResponse: new Dictionary<string, object>
    {
        { "some_data", "some_value" }
    });

This will result in the following token response:

{
  "access_token": "...",
  "token_type": "Bearer",
  "expires_in": 360,
  "some_data": "some_value"
}