Version 6.x has been out of support since May 14, 2024, and this corresponding section of the documentation is no longer maintained. We strongly recommend you upgrade to the latest supported version of 7.x and read the latest version of this documentation.

Dynamic Request Validation and Customization

You can hook into the token request pipeline by implementing the ICustomTokenRequestValidator interface.

This allows you to

  • add additional token request validation logic
  • do custom per-client processing
  • add custom response parameters
  • return custom errors and error descriptions
  • modify parameters on-the-fly
    • access token lifetime and type
    • client claims
    • confirmation method

The following example emits additional claims and changes the token lifetime on-the-fly based on a granted scope.

public class TransactionScopeTokenRequestValidator : ICustomTokenRequestValidator
{
    public Task ValidateAsync(CustomTokenRequestValidationContext context)
    {
        var transaction = context
                .Result
                .ValidatedRequest
                .ValidatedResources
                .ParsedScopes.FirstOrDefault(x => x.ParsedName == "transaction");

        // transaction scope has been requested
        if (transaction?.ParsedParameter != null)
        {
            // emit transaction id as a claim
            context.Result.ValidatedRequest.ClientClaims.Add(
                new Claim(transaction.ParsedName, transaction.ParsedParameter));

            // also shorten token lifetime
            context.Result.ValidatedRequest.AccessTokenLifetime = 10;
        }

        return Task.CompletedTask;
    }
}

You can register your implementation like this:

builder.AddCustomTokenRequestValidator<TransactionScopeTokenRequestValidator>();