DuendeSoftware/IdentityServer

Consider custom reuse of DefaultTokenValidator

AndersAbel opened this issue · 1 comments

The DefaultTokenValidator class is internal and not possible to derive from. It is also not designed to be extensible/adapted.

When implementing token exchange it would be useful in some scenarios to be able to reuse and customize the token validator logic. One example is a multi tenanted setup with issuer-per-tenant where token exchange is used. It is possible to implement that as a custom validator, but it would essentially just be a copy of our token validator with a custom issuer validation step.

We should consider if the DefaultTokenValidator class should be opened up to allow deriving. That would also include redesigning the class to make it easier for a derived class to alter behaviour through overrides.