
Dynamic Request Validation and Customization

You can hook into the token request pipeline by implementing the ICustomTokenRequestValidator interface.

This allows you to:

  • add additional token request validation logic
  • do custom per-client processing
  • add custom response parameters
  • return custom errors and error descriptions
  • modify parameters on-the-fly
    • access token lifetime and type
    • client claims
    • confirmation method

The following example emits additional claims and changes the token lifetime on-the-fly based on a granted scope.

using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Duende.IdentityServer.Validation;

public class TransactionScopeTokenRequestValidator : ICustomTokenRequestValidator
{
    public Task ValidateAsync(CustomTokenRequestValidationContext context)
    {
        // look for a parsed "transaction" scope among the validated scopes
        var transaction = context
            .Result
            .ValidatedRequest
            .ValidatedResources
            .ParsedScopes.FirstOrDefault(x => x.ParsedName == "transaction");

        // transaction scope has been requested
        if (transaction?.ParsedParameter != null)
        {
            // emit transaction id as a claim
            context.Result.ValidatedRequest.ClientClaims.Add(
                new Claim(transaction.ParsedName, transaction.ParsedParameter));

            // also shorten token lifetime (value is in seconds)
            context.Result.ValidatedRequest.AccessTokenLifetime = 10;
        }

        return Task.CompletedTask;
    }
}

You can register your implementation like this:

Program.cs
idsvrBuilder.AddCustomTokenRequestValidator<TransactionScopeTokenRequestValidator>();
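
The capability list above also covers custom errors and custom response parameters, which the example does not exercise. The following added example (not from the original page or the IdentityServer project) treats the scope parameter as client-supplied input and rejects it unless it is well-formed; the Duende.IdentityServer namespace, the class name, the GUID format and the transaction_id response parameter are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Duende.IdentityServer.Validation; // assumed product namespace

// Hypothetical validator name; register it the same way as shown above.
public class StrictTransactionScopeValidator : ICustomTokenRequestValidator
{
    public Task ValidateAsync(CustomTokenRequestValidationContext context)
    {
        var request = context.Result.ValidatedRequest;

        var transaction = request.ValidatedResources.ParsedScopes
            .FirstOrDefault(x => x.ParsedName == "transaction");

        // scope not requested with a parameter: nothing to customize
        if (transaction?.ParsedParameter == null)
        {
            return Task.CompletedTask;
        }

        // The parameter comes from the client's request. Assumption: valid
        // transaction ids are GUIDs, so anything else fails the token request.
        if (!Guid.TryParse(transaction.ParsedParameter, out var transactionId))
        {
            context.Result.IsError = true;
            context.Result.Error = "invalid_scope";
            context.Result.ErrorDescription = "transaction id is malformed";
            return Task.CompletedTask;
        }

        // emit the normalized id as a claim and shorten the lifetime (seconds)
        var normalized = transactionId.ToString("D");
        request.ClientClaims.Add(new Claim(transaction.ParsedName, normalized));
        request.AccessTokenLifetime = 10;

        // add a custom parameter to the token response (name is an assumption);
        // keep entries other validators may already have set
        context.Result.CustomResponse ??= new Dictionary<string, object>();
        context.Result.CustomResponse["transaction_id"] = normalized;

        return Task.CompletedTask;
    }
}
```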