Skip to content
Duende Software Docs
We just launched Duende IdentityServer v7.2.0 and BFF v3.0. Check it out!

Dynamic Request Validation and Customization

You can hook into the token request pipeline by implementing the ICustomTokenRequestValidator interface.

This allows you to

  • add additional token request validation logic
  • do custom per-client processing
  • add custom response parameters
  • return custom errors and error descriptions
  • modify parameters on-the-fly
    • access token lifetime and type
    • client claims
    • confirmation method

The following example emits additional claims and changes the token lifetime on-the-fly based on a granted scope.

public class TransactionScopeTokenRequestValidator : ICustomTokenRequestValidator
{
    public Task ValidateAsync(CustomTokenRequestValidationContext context)
    {
        var transaction = context
                .Result
                .ValidatedRequest
                .ValidatedResources
                .ParsedScopes.FirstOrDefault(x => x.ParsedName == "transaction");


        // transaction scope has been requested
        if (transaction?.ParsedParameter != null)
        {
            // emit transaction id as a claim
            context.Result.ValidatedRequest.ClientClaims.Add(
                new Claim(transaction.ParsedName, transaction.ParsedParameter));


            // also shorten token lifetime
            context.Result.ValidatedRequest.AccessTokenLifetime = 10;
        }


        return Task.CompletedTask;
    }
}

You can register your implementation like this:

Program.cs
idsvrBuilder.AddCustomTokenRequestValidator<TransactionScopeTokenRequestValidator>();