Dynamic Request Validation and Customization

You can hook into the token request pipeline by implementing the ICustomTokenRequestValidator interface.

This allows you to

  • add additional token request validation logic
  • do custom per-client processing
  • add custom response parameters
  • return custom errors and error descriptions
  • modify parameters on-the-fly
    • access token lifetime and type
    • client claims
    • confirmation method

The following example emits additional claims and changes the token lifetime on-the-fly based on a granted scope.

public class TransactionScopeTokenRequestValidator : ICustomTokenRequestValidator
    public Task ValidateAsync(CustomTokenRequestValidationContext context)
        var transaction = context
                .ParsedScopes.FirstOrDefault(x => x.ParsedName == "transaction");

        // transaction scope has been requested
        if (transaction?.ParsedParameter != null)
            // emit transaction id as a claim
                new Claim(transaction.ParsedName, transaction.ParsedParameter));

            // also shorten token lifetime
            context.Result.ValidatedRequest.AccessTokenLifetime = 10;

        return Task.CompletedTask;

You can register your implementation like this: