Consider custom reuse of DefaultTokenValidator
AndersAbel opened this issue · 1 comments
The DefaultTokenValidator
class is internal and not possible to derive from. It is also not designed to be extensible/adapted.
When implementing token exchange it would be useful in some scenarios to be able to reuse and customize the token validator logic. One example is a multi tenanted setup with issuer-per-tenant where token exchange is used. It is possible to implement that as a custom validator, but it would essentially just be a copy of our token validator with a custom issuer validation step.
We should consider if the DefaultTokenValidator class should be opened up to allow deriving. That would also include redesigning the class to make it easier for a derived class to alter behaviour through overrides.