Extend or capture RequestClientCredentialsTokenAsync

[Rick6561]

The solution does not explicitly have to encompass RequestClientCredentialsTokenAsync, that just happens to be the call I'm using for my basic authentication.
My objective is to call RequestClientCredentialsTokenAsync, capture that call through an extension/validation of some manner and perform some additional validation steps prior to issuing the token. I want to grab a parameter value and use it to perform some additional validation.
For example perhaps I put the current time in the parameters and make the call to RequestClientCredentialsTokenAsync, I want to validate that the time of day is between some certain hours... for example. I am able to hit some validation items using various interfaces but can't see the parameters field.
Suggestions are appreciated.
Thx
Rick

[maartenba]

Hi @Rick6561 - There is no interceptor or extensibility baked in, but since you control the client code you can bring your own copy/implementation. The RequestClientCredentialsTokenAsync in Duende IdentityModel is an extension method that you can either copy and customize, or wrap in an extension method of your own.

[Rick6561]

Thank you @maartenba for your quick response. I can see how that would work, I was trying to keep this all in my Identity Server side of the implementation. In essence I want to use the ClientCredential grant type but I need to validate one addition piece of passed information. A bit of a meld of ClientCredential and ResourceOwnerPassword if you will. Once the ClientCredential is validated, I wanted to use something like the user resource to look up an additional key that is being passed along in the parameter dictionary. I don't want to involve the ResourceOwnerGrant type not because of the noted risks but because it is being deprecated.

[maartenba]

In that case you could look at registering a custom ICustomTokenRequestValidator with your service container.

The TokenRequestValidator calls into this (for all grant types) and you should be able to add your custom logic in the ICustomTokenRequestValidator implementation you provide.

E.g.:

public class SomeCustomTokenRequestValidator : ICustomTokenRequestValidator
{
    public Task ValidateAsync(CustomTokenRequestValidationContext context)
    {
        // work with context and context.Result ...

        return Task.CompletedTask;
    }
}

// register it
builder.Services.AddIdentityServer( ... )
   .AddCustomTokenRequestValidator<SomeCustomTokenRequestValidator>();

[Rick6561]

@maartenba thx for the response. I can make all that work and I have looked at other validators along the chain but what is missing for me is the Parameters collection. I need some information that i tucked away in that property. At the validator interface the Parameter property is never available. I have looked up and down, perhaps I am missing it (entirely possible). Thx

Clarification: Parameter property of the token request object, in my specific case the ClientCredentialsTokenRequest. I guess that puts me back to extending the RequestClientCredentialsTokenAsync as you suggested in the first place.

[maartenba]

The context.Result.ValidatedRequest.Raw should have most information available:

[Rick6561]

@maartenba well good grief, don't know why I never saw that. This is exactly what I was after. Thanks for sticking with me.