Dynamic Request Validation and Customization

You can hook into the token request pipeline by implementing the ICustomTokenRequestValidator interface.

This would allow for

  • adding additional token request validation logic
  • do custom per-client processing
  • adding custom response parameters
  • return custom errors and error descriptions
  • modifying parameters on-the-fly
    • access token lifetime and type
    • client claims
    • confirmation method

The following example emits additional claims and changes the token lifetime on-the-fly based on a granted scope.

public class TransactionScopeTokenRequestValidator : ICustomTokenRequestValidator
{
    public Task ValidateAsync(CustomTokenRequestValidationContext context)
    {
        var transaction = context
                .Result
                .ValidatedRequest
                .ValidatedResources
                .ParsedScopes.FirstOrDefault(x => x.ParsedName == "transaction");

        // transaction scope has been requested
        if (transaction?.ParsedParameter != null)
        {
            // emit transaction id as a claim
            context.Result.ValidatedRequest.ClientClaims.Add(
                new Claim(transaction.ParsedName, transaction.ParsedParameter));

            // also shorten token lifetime
            context.Result.ValidatedRequest.AccessTokenLifetime = 10;
        }

        return Task.CompletedTask;
    }
}

You can register your implementation like this:

builder.AddCustomTokenRequestValidator<TransactionScopeTokenRequestValidator>();