You can hook into the token request pipeline by implementing the ICustomTokenRequestValidator interface.
This allows you to, for example, emit additional claims and change the token lifetime on the fly based on a granted scope, as the following example shows.
/// <summary>
/// Custom token request validator that reacts to a parameterized "transaction" scope.
/// When that scope is present and carries a parameter, the parameter is added to the
/// request's client claims and the access token lifetime is reduced.
/// </summary>
public class TransactionScopeTokenRequestValidator : ICustomTokenRequestValidator
{
    /// <summary>
    /// Looks for a parsed scope named "transaction" on the validated request and, if it
    /// has a parameter, adds a matching claim and overrides the access token lifetime.
    /// </summary>
    /// <param name="context">Validation context giving access to the validated token request.</param>
    /// <returns>An already completed task; the method performs no asynchronous work.</returns>
    public Task ValidateAsync(CustomTokenRequestValidationContext context)
    {
        var request = context.Result.ValidatedRequest;

        var transactionScope = request
            .ValidatedResources
            .ParsedScopes
            .FirstOrDefault(scope => scope.ParsedName == "transaction");

        // leave the request untouched unless the transaction scope was requested with a parameter
        if (transactionScope?.ParsedParameter == null)
        {
            return Task.CompletedTask;
        }

        // NOTE(review): the parameter appears to come from the scope value in the token
        // request, so it is chosen by the caller. Before copying it into a claim, validate
        // its format and confirm this client may act on that transaction - consumers of the
        // token will likely treat the claim as vouched for by the token service.
        var transactionClaim = new Claim(
            transactionScope.ParsedName,
            transactionScope.ParsedParameter);
        request.ClientClaims.Add(transactionClaim);

        // keep the transaction-bound token short-lived
        // NOTE(review): 10 is presumably a lifetime in seconds - confirm the unit
        request.AccessTokenLifetime = 10;

        return Task.CompletedTask;
    }
}
You can register your implementation like this:
// registers the validator type on the builder
// NOTE(review): builder is presumably the IdentityServer builder from service registration - confirm
builder.AddCustomTokenRequestValidator<TransactionScopeTokenRequestValidator>();