Backport the notifications system to OpenIddict 1.x

src/OpenIddict.Abstractions/OpenIddictBuilder.cs

@@ -35,4 +35,4 @@ namespace Microsoft.Extensions.DependencyInjection
         [EditorBrowsable(EditorBrowsableState.Never)]
         public IServiceCollection Services { get; }
     }
-}
+}

src/OpenIddict.Core/OpenIddictCoreBuilder.cs

@@ -780,4 +780,4 @@ namespace Microsoft.Extensions.DependencyInjection
             return Configure(options => options.DefaultTokenType = type);
         }
     }
-}
+}

src/OpenIddict.Server/IOpenIddictServerEvent.cs

@@ -0,0 +1,7 @@
+namespace OpenIddict.Server
+{
+    /// <summary>
+    /// Represents an OpenIddict server event.
+    /// </summary>
+    public interface IOpenIddictServerEvent { }
+}

src/OpenIddict.Server/IOpenIddictServerEventHandler.cs

@@ -0,0 +1,25 @@
+using System.Threading;
+using System.Threading.Tasks;
+using JetBrains.Annotations;
+
+namespace OpenIddict.Server
+{
+    /// <summary>
+    /// Represents a handler able to process <typeparamref name="TEvent"/> events.
+    /// </summary>
+    /// <typeparam name="TEvent">The type of the events handled by this instance.</typeparam>
+    public interface IOpenIddictServerEventHandler<TEvent> where TEvent : class, IOpenIddictServerEvent
+    {
+        /// <summary>
+        /// Processes the event.
+        /// </summary>
+        /// <param name="notification">The event to process.</param>
+        /// <param name="cancellationToken">
+        /// The <see cref="CancellationToken"/> that can be used to abort the operation.
+        /// </param>
+        /// <returns>
+        /// A <see cref="Task"/> that can be used to monitor the asynchronous operation.
+        /// </returns>
+        Task HandleAsync([NotNull] TEvent notification, CancellationToken cancellationToken);
+    }
+}

src/OpenIddict.Server/IOpenIddictServerEventService.cs

@@ -0,0 +1,22 @@
+using System.Threading;
+using System.Threading.Tasks;
+using JetBrains.Annotations;
+
+namespace OpenIddict.Server
+{
+    /// <summary>
+    /// Dispatches events by invoking the corresponding handlers.
+    /// </summary>
+    public interface IOpenIddictServerEventService
+    {
+        /// <summary>
+        /// Publishes a new event.
+        /// </summary>
+        /// <typeparam name="TEvent">The type of the event to publish.</typeparam>
+        /// <param name="notification">The event to publish.</param>
+        /// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
+        /// <returns>A <see cref="Task"/> that can be used to monitor the asynchronous operation.</returns>
+        Task PublishAsync<TEvent>([NotNull] TEvent notification, CancellationToken cancellationToken = default)
+            where TEvent : class, IOpenIddictServerEvent;
+    }
+}

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs

@@ -110,7 +110,8 @@ namespace OpenIddict.Server
                 }
             }
 
-            await base.ExtractAuthorizationRequest(context);
+            await GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ExtractAuthorizationRequest(context));
         }
 
         public override async Task ValidateAuthorizationRequest([NotNull] ValidateAuthorizationRequestContext context)
@@ -441,7 +442,8 @@ namespace OpenIddict.Server
 
             context.Validate();
 
-            await base.ValidateAuthorizationRequest(context);
+            await GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ValidateAuthorizationRequest(context));
         }
 
         public override async Task HandleAuthorizationRequest([NotNull] HandleAuthorizationRequestContext context)
@@ -493,7 +495,8 @@ namespace OpenIddict.Server
                 return;
             }
 
-            await base.HandleAuthorizationRequest(context);
+            await GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.HandleAuthorizationRequest(context));
         }
 
         public override async Task ApplyAuthorizationResponse([NotNull] ApplyAuthorizationResponseContext context)
@@ -534,7 +537,8 @@ namespace OpenIddict.Server
                 }
             }
 
-            await base.ApplyAuthorizationResponse(context);
+            await GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ApplyAuthorizationResponse(context));
         }
     }
-}
+}

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Discovery.cs

@@ -13,6 +13,14 @@ namespace OpenIddict.Server
 {
     public partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
+        public override Task ExtractConfigurationRequest([NotNull] ExtractConfigurationRequestContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ExtractConfigurationRequest(context));
+
+        public override Task ValidateConfigurationRequest([NotNull] ValidateConfigurationRequestContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ValidateConfigurationRequest(context));
+
         public override Task HandleConfigurationRequest([NotNull] HandleConfigurationRequestContext context)
         {
             var options = (OpenIddictServerOptions) context.Options;
@@ -41,7 +49,27 @@ namespace OpenIddict.Server
             context.Metadata[OpenIdConnectConstants.Metadata.RequestParameterSupported] = false;
             context.Metadata[OpenIdConnectConstants.Metadata.RequestUriParameterSupported] = false;
 
-            return base.HandleConfigurationRequest(context);
+            return GetEventService(context.HttpContext.RequestServices).PublishAsync(new OpenIddictServerEvents.HandleConfigurationRequest(context));
         }
+
+        public override Task ApplyConfigurationResponse([NotNull] ApplyConfigurationResponseContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ApplyConfigurationResponse(context));
+
+        public override Task ExtractCryptographyRequest([NotNull] ExtractCryptographyRequestContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ExtractCryptographyRequest(context));
+
+        public override Task ValidateCryptographyRequest([NotNull] ValidateCryptographyRequestContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ValidateCryptographyRequest(context));
+
+        public override Task HandleCryptographyRequest([NotNull] HandleCryptographyRequestContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.HandleCryptographyRequest(context));
+
+        public override Task ApplyCryptographyResponse([NotNull] ApplyCryptographyResponseContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ApplyCryptographyResponse(context));
     }
-}
+}

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs

@@ -21,6 +21,10 @@ namespace OpenIddict.Server
 {
     public partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
+        public override Task ExtractTokenRequest([NotNull] ExtractTokenRequestContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ExtractTokenRequest(context));
+
         public override async Task ValidateTokenRequest([NotNull] ValidateTokenRequestContext context)
         {
             var options = (OpenIddictServerOptions) context.Options;
@@ -293,7 +297,8 @@ namespace OpenIddict.Server
 
             context.Validate();
 
-            await base.ValidateTokenRequest(context);
+            await GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ValidateTokenRequest(context));
         }
 
         public override async Task HandleTokenRequest([NotNull] HandleTokenRequestContext context)
@@ -316,7 +321,8 @@ namespace OpenIddict.Server
                 // the user code to handle the token request.
                 context.SkipToNextMiddleware();
 
-                await base.HandleTokenRequest(context);
+                await GetEventService(context.HttpContext.RequestServices)
+                    .PublishAsync(new OpenIddictServerEvents.HandleTokenRequest(context));
 
                 return;
             }
@@ -408,7 +414,12 @@ namespace OpenIddict.Server
             // the user code to handle the token request.
             context.SkipToNextMiddleware();
 
-            await base.HandleTokenRequest(context);
+            await GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.HandleTokenRequest(context));
         }
+
+        public override Task ApplyTokenResponse([NotNull] ApplyTokenResponseContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+            .PublishAsync(new OpenIddictServerEvents.ApplyTokenResponse(context));
     }
-}
+}

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs

@@ -682,7 +682,11 @@ namespace OpenIddict.Server
             }
         }
 
-        private static ILogger GetLogger(IServiceProvider provider) => provider.GetRequiredService<ILogger<OpenIddictServerProvider>>();
+        private static ILogger GetLogger(IServiceProvider provider)
+            => provider.GetRequiredService<ILogger<OpenIddictServerProvider>>();
+
+        private static IOpenIddictServerEventService GetEventService(IServiceProvider provider)
+            => provider.GetRequiredService<IOpenIddictServerEventService>();
 
         private static IOpenIddictApplicationManager GetApplicationManager(IServiceProvider provider)
             => provider.GetService<IOpenIddictApplicationManager>() ?? throw new InvalidOperationException(new StringBuilder()
@@ -709,4 +713,4 @@ namespace OpenIddict.Server
                 .ToString());
 
     }
-}
+}

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs

@@ -18,6 +18,10 @@ namespace OpenIddict.Server
 {
     public partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
+        public override Task ExtractIntrospectionRequest([NotNull] ExtractIntrospectionRequestContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ExtractIntrospectionRequest(context));
+
         public override async Task ValidateIntrospectionRequest([NotNull] ValidateIntrospectionRequestContext context)
         {
             var options = (OpenIddictServerOptions) context.Options;
@@ -98,7 +102,8 @@ namespace OpenIddict.Server
 
             context.Validate();
 
-            await base.ValidateIntrospectionRequest(context);
+            await GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ValidateIntrospectionRequest(context));
         }
 
         public override async Task HandleIntrospectionRequest([NotNull] HandleIntrospectionRequestContext context)
@@ -185,7 +190,12 @@ namespace OpenIddict.Server
                 }
             }
 
-            await base.HandleIntrospectionRequest(context);
+            await GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.HandleIntrospectionRequest(context));
         }
+
+        public override Task ApplyIntrospectionResponse([NotNull] ApplyIntrospectionResponseContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ApplyIntrospectionResponse(context));
     }
-}
+}

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs

@@ -19,6 +19,10 @@ namespace OpenIddict.Server
 {
     public partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
+        public override Task ExtractRevocationRequest([NotNull] ExtractRevocationRequestContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ExtractRevocationRequest(context));
+
         public override async Task ValidateRevocationRequest([NotNull] ValidateRevocationRequestContext context)
         {
             var options = (OpenIddictServerOptions) context.Options;
@@ -164,7 +168,8 @@ namespace OpenIddict.Server
 
             context.Validate();
 
-            await base.ValidateRevocationRequest(context);
+            await GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ValidateRevocationRequest(context));
         }
 
         public override async Task HandleRevocationRequest([NotNull] HandleRevocationRequestContext context)
@@ -239,7 +244,12 @@ namespace OpenIddict.Server
 
             context.Revoked = true;
 
-            await base.HandleRevocationRequest(context);
+            await GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.HandleRevocationRequest(context));
         }
+
+        public override Task ApplyRevocationResponse([NotNull] ApplyRevocationResponseContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ApplyRevocationResponse(context));
     }
-}
+}

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Serialization.cs

@@ -34,7 +34,7 @@ namespace OpenIddict.Server
                 context.HandleResponse();
             }
 
-            await base.DeserializeAccessToken(context);
+            await GetEventService(context.HttpContext.RequestServices).PublishAsync(new OpenIddictServerEvents.DeserializeAccessToken(context));
         }
 
         public override async Task DeserializeAuthorizationCode([NotNull] DeserializeAuthorizationCodeContext context)
@@ -53,9 +53,12 @@ namespace OpenIddict.Server
             // Prevent the OpenID Connect server middleware from using its default logic.
             context.HandleResponse();
 
-            await base.DeserializeAuthorizationCode(context);
+            await GetEventService(context.HttpContext.RequestServices).PublishAsync(new OpenIddictServerEvents.DeserializeAuthorizationCode(context));
         }
 
+        public override Task DeserializeIdentityToken(DeserializeIdentityTokenContext context)
+            => GetEventService(context.HttpContext.RequestServices).PublishAsync(new OpenIddictServerEvents.DeserializeIdentityToken(context));
+
         public override async Task DeserializeRefreshToken([NotNull] DeserializeRefreshTokenContext context)
         {
             var options = (OpenIddictServerOptions) context.Options;
@@ -72,7 +75,7 @@ namespace OpenIddict.Server
             // Prevent the OpenID Connect server middleware from using its default logic.
             context.HandleResponse();
 
-            await base.DeserializeRefreshToken(context);
+            await GetEventService(context.HttpContext.RequestServices).PublishAsync(new OpenIddictServerEvents.DeserializeRefreshToken(context));
         }
 
         public override async Task SerializeAccessToken([NotNull] SerializeAccessTokenContext context)
@@ -99,7 +102,7 @@ namespace OpenIddict.Server
             // Otherwise, let the OpenID Connect server middleware
             // serialize the token using its default internal logic.
 
-            await base.SerializeAccessToken(context);
+            await GetEventService(context.HttpContext.RequestServices).PublishAsync(new OpenIddictServerEvents.SerializeAccessToken(context));
         }
 
         public override async Task SerializeAuthorizationCode([NotNull] SerializeAuthorizationCodeContext context)
@@ -128,9 +131,12 @@ namespace OpenIddict.Server
             // Otherwise, let the OpenID Connect server middleware
             // serialize the token using its default internal logic.
 
-            await base.SerializeAuthorizationCode(context);
+            await GetEventService(context.HttpContext.RequestServices).PublishAsync(new OpenIddictServerEvents.SerializeAuthorizationCode(context));
         }
 
+        public override Task SerializeIdentityToken(SerializeIdentityTokenContext context)
+            => GetEventService(context.HttpContext.RequestServices).PublishAsync(new OpenIddictServerEvents.SerializeIdentityToken(context));
+
         public override async Task SerializeRefreshToken([NotNull] SerializeRefreshTokenContext context)
         {
             var options = (OpenIddictServerOptions) context.Options;
@@ -157,7 +163,7 @@ namespace OpenIddict.Server
             // Otherwise, let the OpenID Connect server middleware
             // serialize the token using its default internal logic.
 
-            await base.SerializeRefreshToken(context);
+            await GetEventService(context.HttpContext.RequestServices).PublishAsync(new OpenIddictServerEvents.SerializeRefreshToken(context));
         }
     }
-}
+}

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs

@@ -81,7 +81,8 @@ namespace OpenIddict.Server
                 }
             }
 
-            await base.ExtractLogoutRequest(context);
+            await GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ExtractLogoutRequest(context));
         }
 
         public override async Task ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context)
@@ -158,7 +159,8 @@ namespace OpenIddict.Server
 
             context.Validate();
 
-            await base.ValidateLogoutRequest(context);
+            await GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ValidateLogoutRequest(context));
         }
 
         public override async Task HandleLogoutRequest([NotNull] HandleLogoutRequestContext context)
@@ -210,7 +212,8 @@ namespace OpenIddict.Server
                 return;
             }
 
-            await base.HandleLogoutRequest(context);
+            await GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.HandleLogoutRequest(context));
         }
 
         public override async Task ApplyLogoutResponse([NotNull] ApplyLogoutResponseContext context)
@@ -251,7 +254,8 @@ namespace OpenIddict.Server
                 }
             }
 
-            await base.ApplyLogoutResponse(context);
+            await GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ApplyLogoutResponse(context));
         }
     }
-}
+}

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Userinfo.cs

@@ -24,7 +24,20 @@ namespace OpenIddict.Server
             // the user code to handle the userinfo request.
             context.SkipToNextMiddleware();
 
-            return base.ExtractUserinfoRequest(context);
+            return GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ExtractUserinfoRequest(context));
         }
+
+        public override Task ValidateUserinfoRequest([NotNull] ValidateUserinfoRequestContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ValidateUserinfoRequest(context));
+
+        public override Task HandleUserinfoRequest([NotNull] HandleUserinfoRequestContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.HandleUserinfoRequest(context));
+
+        public override Task ApplyUserinfoResponse([NotNull] ApplyUserinfoResponseContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ApplyUserinfoResponse(context));
     }
-}
+}

src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs

@@ -20,6 +20,10 @@ namespace OpenIddict.Server
     [EditorBrowsable(EditorBrowsableState.Never)]
     public partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
+        public override Task MatchEndpoint([NotNull] MatchEndpointContext context)
+            => GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.MatchEndpoint(context));
+
         public override Task ProcessChallengeResponse([NotNull] ProcessChallengeResponseContext context)
         {
             Debug.Assert(context.Request.IsAuthorizationRequest() ||
@@ -34,7 +38,8 @@ namespace OpenIddict.Server
                 context.Response.AddParameter(parameter.Item2, parameter.Item3);
             }
 
-            return base.ProcessChallengeResponse(context);
+            return GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ProcessChallengeResponse(context));
         }
 
         public override async Task ProcessSigninResponse([NotNull] ProcessSigninResponseContext context)
@@ -164,7 +169,8 @@ namespace OpenIddict.Server
                 context.Ticket.RemoveProperty(parameter.Item1);
             }
 
-            await base.ProcessSigninResponse(context);
+            await GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ProcessSigninResponse(context));
         }
 
         public override Task ProcessSignoutResponse([NotNull] ProcessSignoutResponseContext context)
@@ -178,61 +184,8 @@ namespace OpenIddict.Server
                 context.Response.AddParameter(parameter.Item2, parameter.Item3);
             }
 
-            return base.ProcessSignoutResponse(context);
-        }
-
-        public void Import([NotNull] OpenIdConnectServerProvider provider)
-        {
-            OnMatchEndpoint = provider.MatchEndpoint;
-
-            OnExtractAuthorizationRequest = provider.ExtractAuthorizationRequest;
-            OnExtractConfigurationRequest = provider.ExtractConfigurationRequest;
-            OnExtractCryptographyRequest = provider.ExtractCryptographyRequest;
-            OnExtractIntrospectionRequest = provider.ExtractIntrospectionRequest;
-            OnExtractLogoutRequest = provider.ExtractLogoutRequest;
-            OnExtractRevocationRequest = provider.ExtractRevocationRequest;
-            OnExtractTokenRequest = provider.ExtractTokenRequest;
-            OnExtractUserinfoRequest = provider.ExtractUserinfoRequest;
-            OnValidateAuthorizationRequest = provider.ValidateAuthorizationRequest;
-            OnValidateConfigurationRequest = provider.ValidateConfigurationRequest;
-            OnValidateCryptographyRequest = provider.ValidateCryptographyRequest;
-            OnValidateIntrospectionRequest = provider.ValidateIntrospectionRequest;
-            OnValidateLogoutRequest = provider.ValidateLogoutRequest;
-            OnValidateRevocationRequest = provider.ValidateRevocationRequest;
-            OnValidateTokenRequest = provider.ValidateTokenRequest;
-            OnValidateUserinfoRequest = provider.ValidateUserinfoRequest;
-
-            OnHandleAuthorizationRequest = provider.HandleAuthorizationRequest;
-            OnHandleConfigurationRequest = provider.HandleConfigurationRequest;
-            OnHandleCryptographyRequest = provider.HandleCryptographyRequest;
-            OnHandleIntrospectionRequest = provider.HandleIntrospectionRequest;
-            OnHandleLogoutRequest = provider.HandleLogoutRequest;
-            OnHandleRevocationRequest = provider.HandleRevocationRequest;
-            OnHandleTokenRequest = provider.HandleTokenRequest;
-            OnHandleUserinfoRequest = provider.HandleUserinfoRequest;
-
-            OnApplyAuthorizationResponse = provider.ApplyAuthorizationResponse;
-            OnApplyConfigurationResponse = provider.ApplyConfigurationResponse;
-            OnApplyCryptographyResponse = provider.ApplyCryptographyResponse;
-            OnApplyIntrospectionResponse = provider.ApplyIntrospectionResponse;
-            OnApplyLogoutResponse = provider.ApplyLogoutResponse;
-            OnApplyRevocationResponse = provider.ApplyRevocationResponse;
-            OnApplyTokenResponse = provider.ApplyTokenResponse;
-            OnApplyUserinfoResponse = provider.ApplyUserinfoResponse;
-
-            OnProcessChallengeResponse = provider.ProcessChallengeResponse;
-            OnProcessSigninResponse = provider.ProcessSigninResponse;
-            OnProcessSignoutResponse = provider.ProcessSignoutResponse;
-
-            OnDeserializeAccessToken = provider.DeserializeAccessToken;
-            OnDeserializeAuthorizationCode = provider.DeserializeAuthorizationCode;
-            OnDeserializeIdentityToken = provider.DeserializeIdentityToken;
-            OnDeserializeRefreshToken = provider.DeserializeRefreshToken;
-
-            OnSerializeAccessToken = provider.SerializeAccessToken;
-            OnSerializeAuthorizationCode = provider.SerializeAuthorizationCode;
-            OnSerializeIdentityToken = provider.SerializeIdentityToken;
-            OnSerializeRefreshToken = provider.SerializeRefreshToken;
+            return GetEventService(context.HttpContext.RequestServices)
+                .PublishAsync(new OpenIddictServerEvents.ProcessSignoutResponse(context));
         }
     }
-}
+}

src/OpenIddict.Server/OpenIddictServerBuilder.cs

@@ -12,8 +12,9 @@ using System.IO;
 using System.Linq;
 using System.Reflection;
 using System.Security.Cryptography.X509Certificates;
+using System.Threading;
+using System.Threading.Tasks;
 using AspNet.Security.OpenIdConnect.Primitives;
-using AspNet.Security.OpenIdConnect.Server;
 using JetBrains.Annotations;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
@@ -48,6 +49,98 @@ namespace Microsoft.Extensions.DependencyInjection
         [EditorBrowsable(EditorBrowsableState.Never)]
         public IServiceCollection Services { get; }
 
+        /// <summary>
+        /// Registers an event handler for the specified event type.
+        /// </summary>
+        /// <param name="handler">The handler added to the DI container.</param>
+        /// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns>
+        [EditorBrowsable(EditorBrowsableState.Advanced)]
+        public OpenIddictServerBuilder AddEventHandler<TEvent>(
+            [NotNull] IOpenIddictServerEventHandler<TEvent> handler)
+            where TEvent : class, IOpenIddictServerEvent
+        {
+            if (handler == null)
+            {
+                throw new ArgumentNullException(nameof(handler));
+            }
+
+            Services.AddSingleton(handler);
+
+            return this;
+        }
+
+        /// <summary>
+        /// Registers an event handler for the specified event type.
+        /// </summary>
+        /// <param name="handler">The handler added to the DI container.</param>
+        /// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns>
+        [EditorBrowsable(EditorBrowsableState.Advanced)]
+        public OpenIddictServerBuilder AddEventHandler<TEvent>([NotNull] Func<TEvent, Task> handler)
+            where TEvent : class, IOpenIddictServerEvent
+            => AddEventHandler<TEvent>((notification, cancellationToken) => handler(notification));
+
+        /// <summary>
+        /// Registers an event handler for the specified event type.
+        /// </summary>
+        /// <param name="handler">The handler added to the DI container.</param>
+        /// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns>
+        [EditorBrowsable(EditorBrowsableState.Advanced)]
+        public OpenIddictServerBuilder AddEventHandler<TEvent>([NotNull] Func<TEvent, CancellationToken, Task> handler)
+            where TEvent : class, IOpenIddictServerEvent
+        {
+            if (handler == null)
+            {
+                throw new ArgumentNullException(nameof(handler));
+            }
+
+            return AddEventHandler(new OpenIddictServerEventHandler<TEvent>(handler));
+        }
+
+        /// <summary>
+        /// Registers an event handler for the specified event type.
+        /// </summary>
+        /// <typeparam name="TEvent">The type of the event.</typeparam>
+        /// <typeparam name="THandler">The type of the handler.</typeparam>
+        /// <param name="lifetime">The lifetime of the registered service.</param>
+        /// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns>
+        [EditorBrowsable(EditorBrowsableState.Advanced)]
+        public OpenIddictServerBuilder AddEventHandler<TEvent, THandler>(
+            ServiceLifetime lifetime = ServiceLifetime.Scoped)
+            where TEvent : class, IOpenIddictServerEvent
+            where THandler : IOpenIddictServerEventHandler<TEvent>
+            => AddEventHandler<TEvent>(typeof(THandler));
+
+        /// <summary>
+        /// Registers an event handler for the specified event type.
+        /// </summary>
+        /// <param name="type">The type of the handler.</param>
+        /// <param name="lifetime">The lifetime of the registered service.</param>
+        /// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns>
+        [EditorBrowsable(EditorBrowsableState.Advanced)]
+        public OpenIddictServerBuilder AddEventHandler<TEvent>(
+            [NotNull] Type type, ServiceLifetime lifetime = ServiceLifetime.Scoped)
+            where TEvent : class, IOpenIddictServerEvent
+        {
+            if (type == null)
+            {
+                throw new ArgumentNullException(nameof(type));
+            }
+
+            if (lifetime == ServiceLifetime.Transient)
+            {
+                throw new ArgumentException("Handlers cannot be registered as transient services.", nameof(lifetime));
+            }
+
+            if (!typeof(IOpenIddictServerEventHandler<TEvent>).IsAssignableFrom(type))
+            {
+                throw new ArgumentException("The specified type is invalid.", nameof(type));
+            }
+
+            Services.Add(new ServiceDescriptor(typeof(IOpenIddictServerEventHandler<TEvent>), type, lifetime));
+
+            return this;
+        }
+
         /// <summary>
         /// Amends the default OpenIddict server configuration.
         /// </summary>
@@ -145,7 +238,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
             if (string.IsNullOrEmpty(password))
             {
-                throw new ArgumentNullException(nameof(password));
+                throw new ArgumentException("The password cannot be null or empty.", nameof(password));
             }
 
             return Configure(options => options.SigningCredentials.AddCertificate(assembly, resource, password));
@@ -167,7 +260,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
             if (string.IsNullOrEmpty(password))
             {
-                throw new ArgumentNullException(nameof(password));
+                throw new ArgumentException("The password cannot be null or empty.", nameof(password));
             }
 
             return Configure(options => options.SigningCredentials.AddCertificate(stream, password));
@@ -194,7 +287,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
             if (string.IsNullOrEmpty(password))
             {
-                throw new ArgumentNullException(nameof(password));
+                throw new ArgumentException("The password cannot be null or empty.", nameof(password));
             }
 
             return Configure(options => options.SigningCredentials.AddCertificate(stream, password, flags));
@@ -513,24 +606,6 @@ namespace Microsoft.Extensions.DependencyInjection
             return Configure(options => options.Claims.UnionWith(claims));
         }
 
-        /// <summary>
-        /// Registers an application-specific OpenID Connect server provider whose events
-        /// are automatically invoked for each request handled by the OpenIddict server handler.
-        /// Using this method is NOT recommended if you're not familiar with the OIDC events model.
-        /// </summary>
-        /// <param name="provider">The custom <see cref="OpenIdConnectServerProvider"/> service.</param>
-        /// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns>
-        [EditorBrowsable(EditorBrowsableState.Advanced)]
-        public OpenIddictServerBuilder RegisterProvider([NotNull] OpenIdConnectServerProvider provider)
-        {
-            if (provider == null)
-            {
-                throw new ArgumentNullException(nameof(provider));
-            }
-
-            return Configure(options => options.ApplicationProvider = provider);
-        }
-
         /// <summary>
         /// Registers the specified scopes as supported scopes so
         /// they can be returned as part of the discovery document.
@@ -660,4 +735,4 @@ namespace Microsoft.Extensions.DependencyInjection
         public OpenIddictServerBuilder UseRollingTokens()
             => Configure(options => options.UseRollingTokens = true);
     }
-}
+}

src/OpenIddict.Server/OpenIddictServerEvent.cs

@@ -0,0 +1,24 @@
+using System;
+using JetBrains.Annotations;
+
+namespace OpenIddict.Server
+{
+    /// <summary>
+    /// Represents an OpenIddict server event.
+    /// </summary>
+    /// <typeparam name="TContext">The type of the context instance associated with the event.</typeparam>
+    public class OpenIddictServerEvent<TContext> : IOpenIddictServerEvent where TContext : class
+    {
+        /// <summary>
+        /// Creates a new instance of <see cref="OpenIddictServerEvent{TContext}"/>.
+        /// </summary>
+        /// <param name="context">The context instance associated with the event.</param>
+        public OpenIddictServerEvent([NotNull] TContext context)
+            => Context = context ?? throw new ArgumentNullException(nameof(context));
+
+        /// <summary>
+        /// Gets the context instance associated with the event.
+        /// </summary>
+        public TContext Context { get; }
+    }
+}

src/OpenIddict.Server/OpenIddictServerEventHandler.cs

@@ -0,0 +1,46 @@
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+using JetBrains.Annotations;
+
+namespace OpenIddict.Server
+{
+    /// <summary>
+    /// Represents a handler able to process <typeparamref name="TEvent"/> events.
+    /// </summary>
+    /// <typeparam name="TEvent">The type of the events handled by this instance.</typeparam>
+    public class OpenIddictServerEventHandler<TEvent> : IOpenIddictServerEventHandler<TEvent>
+        where TEvent : class, IOpenIddictServerEvent
+    {
+        private readonly Func<TEvent, CancellationToken, Task> _handler;
+
+        /// <summary>
+        /// Creates a new event using the specified handler delegate.
+        /// </summary>
+        /// <param name="handler">The event handler delegate</param>
+        public OpenIddictServerEventHandler([NotNull] Func<TEvent, CancellationToken, Task> handler)
+            => _handler = handler ?? throw new ArgumentNullException(nameof(handler));
+
+        /// <summary>
+        /// Processes the event.
+        /// </summary>
+        /// <param name="notification">The event to process.</param>
+        /// <param name="cancellationToken">
+        /// The <see cref="CancellationToken"/> that can be used to abort the operation.
+        /// </param>
+        /// <returns>
+        /// A <see cref="Task"/> that can be used to monitor the asynchronous operation.
+        /// </returns>
+        public async Task HandleAsync(TEvent notification, CancellationToken cancellationToken)
+        {
+            if (notification == null)
+            {
+                throw new ArgumentNullException(nameof(notification));
+            }
+
+            cancellationToken.ThrowIfCancellationRequested();
+
+            await _handler.Invoke(notification, cancellationToken);
+        }
+    }
+}

src/OpenIddict.Server/OpenIddictServerEventService.cs

@@ -0,0 +1,151 @@
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+using AspNet.Security.OpenIdConnect.Primitives;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.DependencyInjection;
+using static OpenIddict.Server.OpenIddictServerEvents;
+
+namespace OpenIddict.Server
+{
+    /// <summary>
+    /// Dispatches notifications by invoking the corresponding handlers.
+    /// </summary>
+    public class OpenIddictServerEventService : IOpenIddictServerEventService
+    {
+        private readonly IServiceProvider _provider;
+
+        public OpenIddictServerEventService([NotNull] IServiceProvider provider)
+        {
+            _provider = provider;
+        }
+
+        /// <summary>
+        /// Publishes a new event.
+        /// </summary>
+        /// <typeparam name="TEvent">The type of the event to publish.</typeparam>
+        /// <param name="notification">The event to publish.</param>
+        /// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
+        /// <returns>A <see cref="Task"/> that can be used to monitor the asynchronous operation.</returns>
+        public async Task PublishAsync<TEvent>([NotNull] TEvent notification, CancellationToken cancellationToken = default)
+            where TEvent : class, IOpenIddictServerEvent
+        {
+            if (notification == null)
+            {
+                throw new ArgumentNullException(nameof(notification));
+            }
+
+            foreach (var handler in _provider.GetServices<IOpenIddictServerEventHandler<TEvent>>())
+            {
+                cancellationToken.ThrowIfCancellationRequested();
+
+                await handler.HandleAsync(notification, cancellationToken);
+
+                // Note: the following logic determines whether next handlers should be invoked
+                // depending on whether the underlying event context was substantially updated.
+                switch (notification)
+                {
+                    case MatchEndpoint value when value.Context.State != EventResultState.Continue: return;
+                    case MatchEndpoint value when value.Context.IsAuthorizationEndpoint ||
+                                                  value.Context.IsConfigurationEndpoint ||
+                                                  value.Context.IsCryptographyEndpoint  ||
+                                                  value.Context.IsIntrospectionEndpoint ||
+                                                  value.Context.IsLogoutEndpoint        ||
+                                                  value.Context.IsRevocationEndpoint    ||
+                                                  value.Context.IsTokenEndpoint         ||
+                                                  value.Context.IsUserinfoEndpoint: return;
+
+                    case ExtractAuthorizationRequest value when value.Context.State != EventResultState.Continue: return;
+                    case ExtractConfigurationRequest value when value.Context.State != EventResultState.Continue: return;
+                    case ExtractCryptographyRequest  value when value.Context.State != EventResultState.Continue: return;
+                    case ExtractIntrospectionRequest value when value.Context.State != EventResultState.Continue: return;
+                    case ExtractLogoutRequest        value when value.Context.State != EventResultState.Continue: return;
+                    case ExtractRevocationRequest    value when value.Context.State != EventResultState.Continue: return;
+                    case ExtractTokenRequest         value when value.Context.State != EventResultState.Continue: return;
+                    case ExtractUserinfoRequest      value when value.Context.State != EventResultState.Continue: return;
+
+                    case ValidateAuthorizationRequest value when value.Context.State != EventResultState.Continue: return;
+                    case ValidateConfigurationRequest value when value.Context.State != EventResultState.Continue: return;
+                    case ValidateCryptographyRequest  value when value.Context.State != EventResultState.Continue: return;
+                    case ValidateIntrospectionRequest value when value.Context.State != EventResultState.Continue: return;
+                    case ValidateLogoutRequest        value when value.Context.State != EventResultState.Continue: return;
+                    case ValidateRevocationRequest    value when value.Context.State != EventResultState.Continue: return;
+                    case ValidateTokenRequest         value when value.Context.State != EventResultState.Continue: return;
+                    case ValidateUserinfoRequest      value when value.Context.State != EventResultState.Continue: return;
+
+                    case ValidateAuthorizationRequest value when value.Context.IsRejected: return;
+                    case ValidateConfigurationRequest value when value.Context.IsRejected: return;
+                    case ValidateCryptographyRequest  value when value.Context.IsRejected: return;
+                    case ValidateIntrospectionRequest value when value.Context.IsRejected: return;
+                    case ValidateLogoutRequest        value when value.Context.IsRejected: return;
+                    case ValidateRevocationRequest    value when value.Context.IsRejected: return;
+                    case ValidateTokenRequest         value when value.Context.IsRejected: return;
+                    case ValidateUserinfoRequest      value when value.Context.IsRejected: return;
+
+                    case ValidateIntrospectionRequest value when value.Context.IsSkipped: return;
+                    case ValidateRevocationRequest    value when value.Context.IsSkipped: return;
+                    case ValidateTokenRequest         value when value.Context.IsSkipped: return;
+
+                    case HandleAuthorizationRequest value when value.Context.State != EventResultState.Continue: return;
+                    case HandleConfigurationRequest value when value.Context.State != EventResultState.Continue: return;
+                    case HandleCryptographyRequest  value when value.Context.State != EventResultState.Continue: return;
+                    case HandleIntrospectionRequest value when value.Context.State != EventResultState.Continue: return;
+                    case HandleLogoutRequest        value when value.Context.State != EventResultState.Continue: return;
+                    case HandleRevocationRequest    value when value.Context.State != EventResultState.Continue: return;
+                    case HandleTokenRequest         value when value.Context.State != EventResultState.Continue: return;
+                    case HandleUserinfoRequest      value when value.Context.State != EventResultState.Continue: return;
+
+                    case HandleAuthorizationRequest value when value.Context.Ticket != null: return;
+
+                    case HandleTokenRequest value when value.Context.Ticket != null &&
+                        !value.Context.Request.IsAuthorizationCodeGrantType() &&
+                        !value.Context.Request.IsRefreshTokenGrantType(): return;
+
+                    case HandleTokenRequest value when value.Context.Ticket == null &&
+                        (value.Context.Request.IsAuthorizationCodeGrantType() ||
+                         value.Context.Request.IsRefreshTokenGrantType()): return;
+
+                    case HandleAuthorizationRequest value when value.Context.Ticket != null: return;
+
+                    case ProcessChallengeResponse value when value.Context.State != EventResultState.Continue: return;
+                    case ProcessSigninResponse    value when value.Context.State != EventResultState.Continue: return;
+                    case ProcessSignoutResponse   value when value.Context.State != EventResultState.Continue: return;
+
+                    case ProcessChallengeResponse value when value.Context.IsRejected: return;
+                    case ProcessSigninResponse    value when value.Context.IsRejected: return;
+                    case ProcessSignoutResponse   value when value.Context.IsRejected: return;
+
+                    case ApplyAuthorizationResponse value when value.Context.State != EventResultState.Continue: return;
+                    case ApplyConfigurationResponse value when value.Context.State != EventResultState.Continue: return;
+                    case ApplyCryptographyResponse  value when value.Context.State != EventResultState.Continue: return;
+                    case ApplyIntrospectionResponse value when value.Context.State != EventResultState.Continue: return;
+                    case ApplyLogoutResponse        value when value.Context.State != EventResultState.Continue: return;
+                    case ApplyRevocationResponse    value when value.Context.State != EventResultState.Continue: return;
+                    case ApplyTokenResponse         value when value.Context.State != EventResultState.Continue: return;
+                    case ApplyUserinfoResponse      value when value.Context.State != EventResultState.Continue: return;
+
+                    case DeserializeAuthorizationCode value when value.Context.State != EventResultState.Continue: return;
+                    case DeserializeAccessToken       value when value.Context.State != EventResultState.Continue: return;
+                    case DeserializeIdentityToken     value when value.Context.State != EventResultState.Continue: return;
+                    case DeserializeRefreshToken      value when value.Context.State != EventResultState.Continue: return;
+
+                    case DeserializeAuthorizationCode value when value.Context.Ticket != null: return;
+                    case DeserializeAccessToken       value when value.Context.Ticket != null: return;
+                    case DeserializeIdentityToken     value when value.Context.Ticket != null: return;
+                    case DeserializeRefreshToken      value when value.Context.Ticket != null: return;
+
+                    case SerializeAuthorizationCode value when value.Context.State != EventResultState.Continue: return;
+                    case SerializeAccessToken       value when value.Context.State != EventResultState.Continue: return;
+                    case SerializeIdentityToken     value when value.Context.State != EventResultState.Continue: return;
+                    case SerializeRefreshToken      value when value.Context.State != EventResultState.Continue: return;
+
+                    case SerializeAuthorizationCode value when !string.IsNullOrEmpty(value.Context.AuthorizationCode): return;
+                    case SerializeAccessToken       value when !string.IsNullOrEmpty(value.Context.AccessToken):       return;
+                    case SerializeIdentityToken     value when !string.IsNullOrEmpty(value.Context.IdentityToken):     return;
+                    case SerializeRefreshToken      value when !string.IsNullOrEmpty(value.Context.RefreshToken):      return;
+                }
+            }
+        }
+    }
+}

src/OpenIddict.Server/OpenIddictServerEvents.cs

@@ -0,0 +1,565 @@
+using AspNet.Security.OpenIdConnect.Server;
+using JetBrains.Annotations;
+
+namespace OpenIddict.Server
+{
+    /// <summary>
+    /// Contains common events used by the OpenIddict server handler.
+    /// </summary>
+    public static class OpenIddictServerEvents
+    {
+        /// <summary>
+        /// Represents an event called for each HTTP request to determine if
+        /// it should be handled by the OpenID Connect server middleware.
+        /// </summary>
+        public sealed class MatchEndpoint : OpenIddictServerEvent<MatchEndpointContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="MatchEndpoint"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public MatchEndpoint([NotNull] MatchEndpointContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each request to the authorization endpoint to give the user code
+        /// a chance to manually extract the authorization request from the ambient HTTP context.
+        /// </summary>
+        public sealed class ExtractAuthorizationRequest : OpenIddictServerEvent<ExtractAuthorizationRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ExtractAuthorizationRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ExtractAuthorizationRequest([NotNull] ExtractAuthorizationRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each request to the configuration endpoint to give the user code
+        /// a chance to manually extract the configuration request from the ambient HTTP context.
+        /// </summary>
+        public sealed class ExtractConfigurationRequest : OpenIddictServerEvent<ExtractConfigurationRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ExtractConfigurationRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ExtractConfigurationRequest([NotNull] ExtractConfigurationRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each request to the cryptography endpoint to give the user code
+        /// a chance to manually extract the cryptography request from the ambient HTTP context.
+        /// </summary>
+
+        public sealed class ExtractCryptographyRequest : OpenIddictServerEvent<ExtractCryptographyRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ExtractCryptographyRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ExtractCryptographyRequest([NotNull] ExtractCryptographyRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each request to the introspection endpoint to give the user code
+        /// a chance to manually extract the introspection request from the ambient HTTP context.
+        /// </summary>
+        public sealed class ExtractIntrospectionRequest : OpenIddictServerEvent<ExtractIntrospectionRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ExtractIntrospectionRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ExtractIntrospectionRequest([NotNull] ExtractIntrospectionRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each request to the logout endpoint to give the user code
+        /// a chance to manually extract the logout request from the ambient HTTP context.
+        /// </summary>
+        public sealed class ExtractLogoutRequest : OpenIddictServerEvent<ExtractLogoutRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ExtractLogoutRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ExtractLogoutRequest([NotNull] ExtractLogoutRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each request to the revocation endpoint to give the user code
+        /// a chance to manually extract the revocation request from the ambient HTTP context.
+        /// </summary>
+        public sealed class ExtractRevocationRequest : OpenIddictServerEvent<ExtractRevocationRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ExtractRevocationRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ExtractRevocationRequest([NotNull] ExtractRevocationRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each request to the token endpoint to give the user code
+        /// a chance to manually extract the token request from the ambient HTTP context.
+        /// </summary>
+        public sealed class ExtractTokenRequest : OpenIddictServerEvent<ExtractTokenRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ExtractTokenRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ExtractTokenRequest([NotNull] ExtractTokenRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each request to the userinfo endpoint to give the user code
+        /// a chance to manually extract the userinfo request from the ambient HTTP context.
+        /// </summary>
+        public sealed class ExtractUserinfoRequest : OpenIddictServerEvent<ExtractUserinfoRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ExtractUserinfoRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ExtractUserinfoRequest([NotNull] ExtractUserinfoRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each request to the authorization endpoint
+        /// to determine if the request is valid and should continue to be processed.
+        /// </summary>
+        public sealed class ValidateAuthorizationRequest : OpenIddictServerEvent<ValidateAuthorizationRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ValidateAuthorizationRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ValidateAuthorizationRequest([NotNull] ValidateAuthorizationRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each request to the configuration endpoint
+        /// to determine if the request is valid and should continue to be processed.
+        /// </summary>
+        public sealed class ValidateConfigurationRequest : OpenIddictServerEvent<ValidateConfigurationRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ValidateConfigurationRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ValidateConfigurationRequest([NotNull] ValidateConfigurationRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each request to the cryptography endpoint
+        /// to determine if the request is valid and should continue to be processed.
+        /// </summary>
+        public sealed class ValidateCryptographyRequest : OpenIddictServerEvent<ValidateCryptographyRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ValidateCryptographyRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ValidateCryptographyRequest([NotNull] ValidateCryptographyRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each request to the introspection endpoint
+        /// to determine if the request is valid and should continue to be processed.
+        /// </summary>
+        public sealed class ValidateIntrospectionRequest : OpenIddictServerEvent<ValidateIntrospectionRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ValidateIntrospectionRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ValidateIntrospectionRequest([NotNull] ValidateIntrospectionRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each request to the logout endpoint
+        /// to determine if the request is valid and should continue to be processed.
+        /// </summary>
+        public sealed class ValidateLogoutRequest : OpenIddictServerEvent<ValidateLogoutRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ValidateLogoutRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each request to the revocation endpoint
+        /// to determine if the request is valid and should continue to be processed.
+        /// </summary>
+        public sealed class ValidateRevocationRequest : OpenIddictServerEvent<ValidateRevocationRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ValidateRevocationRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ValidateRevocationRequest([NotNull] ValidateRevocationRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each request to the token endpoint
+        /// to determine if the request is valid and should continue to be processed.
+        /// </summary>
+        public sealed class ValidateTokenRequest : OpenIddictServerEvent<ValidateTokenRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ValidateTokenRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ValidateTokenRequest([NotNull] ValidateTokenRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each request to the userinfo endpoint
+        /// to determine if the request is valid and should continue to be processed.
+        /// </summary>
+        public sealed class ValidateUserinfoRequest : OpenIddictServerEvent<ValidateUserinfoRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ValidateUserinfoRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ValidateUserinfoRequest([NotNull] ValidateUserinfoRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each validated authorization request
+        /// to allow the user code to decide how the request should be handled.
+        /// </summary>
+        public sealed class HandleAuthorizationRequest : OpenIddictServerEvent<HandleAuthorizationRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="HandleAuthorizationRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public HandleAuthorizationRequest([NotNull] HandleAuthorizationRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each validated configuration request
+        /// to allow the user code to decide how the request should be handled.
+        /// </summary>
+        public sealed class HandleConfigurationRequest : OpenIddictServerEvent<HandleConfigurationRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="HandleConfigurationRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public HandleConfigurationRequest([NotNull] HandleConfigurationRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each validated cryptography request
+        /// to allow the user code to decide how the request should be handled.
+        /// </summary>
+        public sealed class HandleCryptographyRequest : OpenIddictServerEvent<HandleCryptographyRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="HandleCryptographyRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public HandleCryptographyRequest([NotNull] HandleCryptographyRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each validated introspection request
+        /// to allow the user code to decide how the request should be handled.
+        /// </summary>
+        public sealed class HandleIntrospectionRequest : OpenIddictServerEvent<HandleIntrospectionRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="HandleIntrospectionRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public HandleIntrospectionRequest([NotNull] HandleIntrospectionRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each validated logout request
+        /// to allow the user code to decide how the request should be handled.
+        /// </summary>
+        public sealed class HandleLogoutRequest : OpenIddictServerEvent<HandleLogoutRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="HandleLogoutRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public HandleLogoutRequest([NotNull] HandleLogoutRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each validated revocation request
+        /// to allow the user code to decide how the request should be handled.
+        /// </summary>
+        public sealed class HandleRevocationRequest : OpenIddictServerEvent<HandleRevocationRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="HandleRevocationRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public HandleRevocationRequest([NotNull] HandleRevocationRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each validated token request
+        /// to allow the user code to decide how the request should be handled.
+        /// </summary>
+        public sealed class HandleTokenRequest : OpenIddictServerEvent<HandleTokenRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="HandleTokenRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public HandleTokenRequest([NotNull] HandleTokenRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called for each validated userinfo request
+        /// to allow the user code to decide how the request should be handled.
+        /// </summary>
+        public sealed class HandleUserinfoRequest : OpenIddictServerEvent<HandleUserinfoRequestContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="HandleUserinfoRequest"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public HandleUserinfoRequest([NotNull] HandleUserinfoRequestContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called when processing a challenge response.
+        /// </summary>
+        public sealed class ProcessChallengeResponse : OpenIddictServerEvent<ProcessChallengeResponseContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ProcessChallengeResponse"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ProcessChallengeResponse([NotNull] ProcessChallengeResponseContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called when processing a sign-in response.
+        /// </summary>
+        public sealed class ProcessSigninResponse : OpenIddictServerEvent<ProcessSigninResponseContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ProcessSigninResponse"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ProcessSigninResponse([NotNull] ProcessSigninResponseContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called when processing a sign-out response.
+        /// </summary>
+        public sealed class ProcessSignoutResponse : OpenIddictServerEvent<ProcessSignoutResponseContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ProcessSignoutResponse"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ProcessSignoutResponse([NotNull] ProcessSignoutResponseContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called before the authorization response is returned to the caller.
+        /// </summary>
+        public sealed class ApplyAuthorizationResponse : OpenIddictServerEvent<ApplyAuthorizationResponseContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ApplyAuthorizationResponse"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ApplyAuthorizationResponse([NotNull] ApplyAuthorizationResponseContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called before the configuration response is returned to the caller.
+        /// </summary>
+        public sealed class ApplyConfigurationResponse : OpenIddictServerEvent<ApplyConfigurationResponseContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ApplyConfigurationResponse"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ApplyConfigurationResponse([NotNull] ApplyConfigurationResponseContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called before the cryptography response is returned to the caller.
+        /// </summary>
+        public sealed class ApplyCryptographyResponse : OpenIddictServerEvent<ApplyCryptographyResponseContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ApplyCryptographyResponse"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ApplyCryptographyResponse([NotNull] ApplyCryptographyResponseContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called before the introspection response is returned to the caller.
+        /// </summary>
+        public sealed class ApplyIntrospectionResponse : OpenIddictServerEvent<ApplyIntrospectionResponseContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ApplyIntrospectionResponse"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ApplyIntrospectionResponse([NotNull] ApplyIntrospectionResponseContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called before the logout response is returned to the caller.
+        /// </summary>
+        public sealed class ApplyLogoutResponse : OpenIddictServerEvent<ApplyLogoutResponseContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ApplyLogoutResponse"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ApplyLogoutResponse([NotNull] ApplyLogoutResponseContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called before the revocation response is returned to the caller.
+        /// </summary>
+        public sealed class ApplyRevocationResponse : OpenIddictServerEvent<ApplyRevocationResponseContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ApplyRevocationResponse"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ApplyRevocationResponse([NotNull] ApplyRevocationResponseContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called before the token response is returned to the caller.
+        /// </summary>
+        public sealed class ApplyTokenResponse : OpenIddictServerEvent<ApplyTokenResponseContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ApplyTokenResponse"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ApplyTokenResponse([NotNull] ApplyTokenResponseContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called before the userinfo response is returned to the caller.
+        /// </summary>
+        public sealed class ApplyUserinfoResponse : OpenIddictServerEvent<ApplyUserinfoResponseContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ApplyUserinfoResponse"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ApplyUserinfoResponse([NotNull] ApplyUserinfoResponseContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called when serializing an authorization code.
+        /// </summary>
+        public sealed class SerializeAuthorizationCode : OpenIddictServerEvent<SerializeAuthorizationCodeContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="SerializeAuthorizationCode"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public SerializeAuthorizationCode([NotNull] SerializeAuthorizationCodeContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called when serializing an access token.
+        /// </summary>
+        public sealed class SerializeAccessToken : OpenIddictServerEvent<SerializeAccessTokenContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="SerializeAccessToken"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public SerializeAccessToken([NotNull] SerializeAccessTokenContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called when serializing an identity token.
+        /// </summary>
+        public sealed class SerializeIdentityToken : OpenIddictServerEvent<SerializeIdentityTokenContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="SerializeIdentityToken"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public SerializeIdentityToken([NotNull] SerializeIdentityTokenContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called when serializing a refresh token.
+        /// </summary>
+        public sealed class SerializeRefreshToken : OpenIddictServerEvent<SerializeRefreshTokenContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="SerializeRefreshToken"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public SerializeRefreshToken([NotNull] SerializeRefreshTokenContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called when deserializing an authorization code.
+        /// </summary>
+        public sealed class DeserializeAuthorizationCode : OpenIddictServerEvent<DeserializeAuthorizationCodeContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="DeserializeAuthorizationCode"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public DeserializeAuthorizationCode([NotNull] DeserializeAuthorizationCodeContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called when deserializing an access token.
+        /// </summary>
+        public sealed class DeserializeAccessToken : OpenIddictServerEvent<DeserializeAccessTokenContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="DeserializeAccessToken"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public DeserializeAccessToken([NotNull] DeserializeAccessTokenContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called when deserializing an identity token.
+        /// </summary>
+        public sealed class DeserializeIdentityToken : OpenIddictServerEvent<DeserializeIdentityTokenContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="DeserializeIdentityToken"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public DeserializeIdentityToken([NotNull] DeserializeIdentityTokenContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Represents an event called when deserializing a refresh token.
+        /// </summary>
+        public sealed class DeserializeRefreshToken : OpenIddictServerEvent<DeserializeRefreshTokenContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="DeserializeRefreshToken"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public DeserializeRefreshToken([NotNull] DeserializeRefreshTokenContext context) : base(context) { }
+        }
+    }
+}

src/OpenIddict.Server/OpenIddictServerExtensions.cs

@@ -14,6 +14,7 @@ using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.Extensions.Caching.Distributed;
+using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
 using OpenIddict.Server;
@@ -36,6 +37,7 @@ namespace Microsoft.Extensions.DependencyInjection
             }
 
             builder.Services.AddAuthentication();
+            builder.Services.TryAddScoped<IOpenIddictServerEventService, OpenIddictServerEventService>();
 
             return new OpenIddictServerBuilder(builder.Services);
         }
@@ -210,18 +212,6 @@ namespace Microsoft.Extensions.DependencyInjection
                 options.Scopes.Add(OpenIdConnectConstants.Scopes.OfflineAccess);
             }
 
-            // If an application provider was registered, import the events into the main provider.
-            if (options.ApplicationProvider != null)
-            {
-                var provider = options.Provider as OpenIddictServerProvider;
-                if (provider == null)
-                {
-                    throw new InvalidOperationException("The specified OpenID Connect server provider is not compatible.");
-                }
-
-                provider.Import(options.ApplicationProvider);
-            }
-
             return app.UseOpenIdConnectServer(options);
         }
     }

src/OpenIddict.Server/OpenIddictServerOptions.cs

@@ -33,12 +33,6 @@ namespace OpenIddict.Server
         /// </summary>
         public bool AcceptAnonymousClients { get; set; }
 
-        /// <summary>
-        /// Gets or sets the user-provided <see cref="OpenIdConnectServerProvider"/> that the OpenIddict server
-        /// invokes to enable developer control over the entire authentication/authorization process.
-        /// </summary>
-        public OpenIdConnectServerProvider ApplicationProvider { get; set; }
-
         /// <summary>
         /// Gets or sets the distributed cache used by OpenIddict. If no cache is explicitly
         /// provided, the cache registered in the dependency injection container is used.

src/OpenIddict.Validation/IOpenIddictValidationEvent.cs

@@ -0,0 +1,7 @@
+namespace OpenIddict.Validation
+{
+    /// <summary>
+    /// Represents an OpenIddict validation event.
+    /// </summary>
+    public interface IOpenIddictValidationEvent { }
+}

src/OpenIddict.Validation/IOpenIddictValidationEventHandler.cs

@@ -0,0 +1,25 @@
+using System.Threading;
+using System.Threading.Tasks;
+using JetBrains.Annotations;
+
+namespace OpenIddict.Validation
+{
+    /// <summary>
+    /// Represents a handler able to process <typeparamref name="TEvent"/> events.
+    /// </summary>
+    /// <typeparam name="TEvent">The type of the events handled by this instance.</typeparam>
+    public interface IOpenIddictValidationEventHandler<TEvent> where TEvent : class, IOpenIddictValidationEvent
+    {
+        /// <summary>
+        /// Processes the event.
+        /// </summary>
+        /// <param name="notification">The event to process.</param>
+        /// <param name="cancellationToken">
+        /// The <see cref="CancellationToken"/> that can be used to abort the operation.
+        /// </param>
+        /// <returns>
+        /// A <see cref="Task"/> that can be used to monitor the asynchronous operation.
+        /// </returns>
+        Task HandleAsync([NotNull] TEvent notification, CancellationToken cancellationToken);
+    }
+}

src/OpenIddict.Validation/IOpenIddictValidationEventService.cs

@@ -0,0 +1,22 @@
+using System.Threading;
+using System.Threading.Tasks;
+using JetBrains.Annotations;
+
+namespace OpenIddict.Validation
+{
+    /// <summary>
+    /// Dispatches events by invoking the corresponding handlers.
+    /// </summary>
+    public interface IOpenIddictValidationEventService
+    {
+        /// <summary>
+        /// Publishes a new event.
+        /// </summary>
+        /// <typeparam name="TEvent">The type of the event to publish.</typeparam>
+        /// <param name="notification">The event to publish.</param>
+        /// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
+        /// <returns>A <see cref="Task"/> that can be used to monitor the asynchronous operation.</returns>
+        Task PublishAsync<TEvent>([NotNull] TEvent notification, CancellationToken cancellationToken = default)
+            where TEvent : class, IOpenIddictValidationEvent;
+    }
+}

src/OpenIddict.Validation/Internal/OpenIddictValidationEvents.cs → src/OpenIddict.Validation/Internal/OpenIddictValidationProvider.cs

@@ -20,13 +20,21 @@ namespace OpenIddict.Validation
     /// Provides the logic necessary to extract, validate and handle OAuth2 requests.
     /// </summary>
     [EditorBrowsable(EditorBrowsableState.Never)]
-    public class OpenIddictValidationEvents : OAuthValidationEvents
+    public class OpenIddictValidationProvider : OAuthValidationEvents
     {
+        public override Task ApplyChallenge([NotNull] ApplyChallengeContext context)
+            => context.HttpContext.RequestServices.GetRequiredService<IOpenIddictValidationEventService>()
+                .PublishAsync(new OpenIddictValidationEvents.ApplyChallenge(context));
+
+        public override Task CreateTicket([NotNull] CreateTicketContext context)
+            => context.HttpContext.RequestServices.GetRequiredService<IOpenIddictValidationEventService>()
+                .PublishAsync(new OpenIddictValidationEvents.CreateTicket(context));
+
         public override async Task DecryptToken([NotNull] DecryptTokenContext context)
         {
             var options = (OpenIddictValidationOptions) context.Options;
 
-            var logger = context.HttpContext.RequestServices.GetRequiredService<ILogger<OpenIddictValidationEvents>>();
+            var logger = context.HttpContext.RequestServices.GetRequiredService<ILogger<OpenIddictValidationProvider>>();
 
             if (options.UseReferenceTokens)
             {
@@ -86,16 +94,16 @@ namespace OpenIddict.Validation
                 context.HandleResponse();
             }
 
-            await base.DecryptToken(context);
+            await context.HttpContext.RequestServices.GetRequiredService<IOpenIddictValidationEventService>()
+                .PublishAsync(new OpenIddictValidationEvents.DecryptToken(context));
         }
 
-        public void Import([NotNull] OAuthValidationEvents events)
-        {
-            OnApplyChallenge = events.ApplyChallenge;
-            OnCreateTicket = events.CreateTicket;
-            OnDecryptToken = events.DecryptToken;
-            OnRetrieveToken = events.RetrieveToken;
-            OnValidateToken = events.ValidateToken;
-        }
+        public override Task RetrieveToken([NotNull] RetrieveTokenContext context)
+            => context.HttpContext.RequestServices.GetRequiredService<IOpenIddictValidationEventService>()
+                .PublishAsync(new OpenIddictValidationEvents.RetrieveToken(context));
+
+        public override Task ValidateToken([NotNull] ValidateTokenContext context)
+            => context.HttpContext.RequestServices.GetRequiredService<IOpenIddictValidationEventService>()
+                .PublishAsync(new OpenIddictValidationEvents.ValidateToken(context));
     }
 }

src/OpenIddict.Validation/OpenIddictValidationBuilder.cs

@@ -8,10 +8,10 @@ using System;
 using System.ComponentModel;
 using System.Linq;
 using System.Reflection;
-using AspNet.Security.OAuth.Validation;
+using System.Threading;
+using System.Threading.Tasks;
 using JetBrains.Annotations;
 using Microsoft.AspNetCore.DataProtection;
-using Microsoft.Extensions.DependencyInjection.Extensions;
 using OpenIddict.Validation;
 
 namespace Microsoft.Extensions.DependencyInjection
@@ -41,6 +41,98 @@ namespace Microsoft.Extensions.DependencyInjection
         [EditorBrowsable(EditorBrowsableState.Never)]
         public IServiceCollection Services { get; }
 
+        /// <summary>
+        /// Registers an event handler for the specified event type.
+        /// </summary>
+        /// <param name="handler">The handler added to the DI container.</param>
+        /// <returns>The <see cref="OpenIddictValidationBuilder"/>.</returns>
+        [EditorBrowsable(EditorBrowsableState.Advanced)]
+        public OpenIddictValidationBuilder AddEventHandler<TEvent>(
+            [NotNull] IOpenIddictValidationEventHandler<TEvent> handler)
+            where TEvent : class, IOpenIddictValidationEvent
+        {
+            if (handler == null)
+            {
+                throw new ArgumentNullException(nameof(handler));
+            }
+
+            Services.AddSingleton(handler);
+
+            return this;
+        }
+
+        /// <summary>
+        /// Registers an event handler for the specified event type.
+        /// </summary>
+        /// <param name="handler">The handler added to the DI container.</param>
+        /// <returns>The <see cref="OpenIddictValidationBuilder"/>.</returns>
+        [EditorBrowsable(EditorBrowsableState.Advanced)]
+        public OpenIddictValidationBuilder AddEventHandler<TEvent>([NotNull] Func<TEvent, Task> handler)
+            where TEvent : class, IOpenIddictValidationEvent
+            => AddEventHandler<TEvent>((notification, cancellationToken) => handler(notification));
+
+        /// <summary>
+        /// Registers an event handler for the specified event type.
+        /// </summary>
+        /// <param name="handler">The handler added to the DI container.</param>
+        /// <returns>The <see cref="OpenIddictValidationBuilder"/>.</returns>
+        [EditorBrowsable(EditorBrowsableState.Advanced)]
+        public OpenIddictValidationBuilder AddEventHandler<TEvent>([NotNull] Func<TEvent, CancellationToken, Task> handler)
+            where TEvent : class, IOpenIddictValidationEvent
+        {
+            if (handler == null)
+            {
+                throw new ArgumentNullException(nameof(handler));
+            }
+
+            return AddEventHandler(new OpenIddictValidationEventHandler<TEvent>(handler));
+        }
+
+        /// <summary>
+        /// Registers an event handler for the specified event type.
+        /// </summary>
+        /// <typeparam name="TEvent">The type of the event.</typeparam>
+        /// <typeparam name="THandler">The type of the handler.</typeparam>
+        /// <param name="lifetime">The lifetime of the registered service.</param>
+        /// <returns>The <see cref="OpenIddictValidationBuilder"/>.</returns>
+        [EditorBrowsable(EditorBrowsableState.Advanced)]
+        public OpenIddictValidationBuilder AddEventHandler<TEvent, THandler>(
+            ServiceLifetime lifetime = ServiceLifetime.Scoped)
+            where TEvent : class, IOpenIddictValidationEvent
+            where THandler : IOpenIddictValidationEventHandler<TEvent>
+            => AddEventHandler<TEvent>(typeof(THandler));
+
+        /// <summary>
+        /// Registers an event handler for the specified event type.
+        /// </summary>
+        /// <param name="type">The type of the handler.</param>
+        /// <param name="lifetime">The lifetime of the registered service.</param>
+        /// <returns>The <see cref="OpenIddictValidationBuilder"/>.</returns>
+        [EditorBrowsable(EditorBrowsableState.Advanced)]
+        public OpenIddictValidationBuilder AddEventHandler<TEvent>(
+            [NotNull] Type type, ServiceLifetime lifetime = ServiceLifetime.Scoped)
+            where TEvent : class, IOpenIddictValidationEvent
+        {
+            if (type == null)
+            {
+                throw new ArgumentNullException(nameof(type));
+            }
+
+            if (lifetime == ServiceLifetime.Transient)
+            {
+                throw new ArgumentException("Handlers cannot be registered as transient services.", nameof(lifetime));
+            }
+
+            if (!typeof(IOpenIddictValidationEventHandler<TEvent>).IsAssignableFrom(type))
+            {
+                throw new ArgumentException("The specified type is invalid.", nameof(type));
+            }
+
+            Services.Add(new ServiceDescriptor(typeof(IOpenIddictValidationEventHandler<TEvent>), type, lifetime));
+
+            return this;
+        }
+
         /// <summary>
         /// Amends the default OpenIddict validation configuration.
         /// </summary>
@@ -80,23 +172,6 @@ namespace Microsoft.Extensions.DependencyInjection
             return Configure(options => options.Audiences.UnionWith(audiences));
         }
 
-        /// <summary>
-        /// Registers application-specific OAuth2 validation events that are automatically
-        /// invoked for each request handled by the OpenIddict validation handler.
-        /// </summary>
-        /// <param name="events">The custom <see cref="OAuthValidationEvents"/> service.</param>
-        /// <returns>The <see cref="OAuthValidationEvents"/>.</returns>
-        [EditorBrowsable(EditorBrowsableState.Advanced)]
-        public OpenIddictValidationBuilder RegisterEvents([NotNull] OAuthValidationEvents events)
-        {
-            if (events == null)
-            {
-                throw new ArgumentNullException(nameof(events));
-            }
-
-            return Configure(options => options.ApplicationEvents = events);
-        }
-
         /// <summary>
         /// Configures OpenIddict not to return the authentication error
         /// details as part of the standard WWW-Authenticate response header.
@@ -143,4 +218,4 @@ namespace Microsoft.Extensions.DependencyInjection
         public OpenIddictValidationBuilder UseReferenceTokens()
             => Configure(options => options.UseReferenceTokens = true);
     }
-}
+}

src/OpenIddict.Validation/OpenIddictValidationEvent.cs

@@ -0,0 +1,24 @@
+using System;
+using JetBrains.Annotations;
+
+namespace OpenIddict.Validation
+{
+    /// <summary>
+    /// Represents an OpenIddict validation event.
+    /// </summary>
+    /// <typeparam name="TContext">The type of the context instance associated with the event.</typeparam>
+    public class OpenIddictValidationEvent<TContext> : IOpenIddictValidationEvent where TContext : class
+    {
+        /// <summary>
+        /// Creates a new instance of <see cref="OpenIddictValidationEvent{TContext}"/>.
+        /// </summary>
+        /// <param name="context">The context instance associated with the event.</param>
+        public OpenIddictValidationEvent([NotNull] TContext context)
+            => Context = context ?? throw new ArgumentNullException(nameof(context));
+
+        /// <summary>
+        /// Gets the context instance associated with the event.
+        /// </summary>
+        public TContext Context { get; }
+    }
+}

src/OpenIddict.Validation/OpenIddictValidationEventHandler.cs

@@ -0,0 +1,46 @@
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+using JetBrains.Annotations;
+
+namespace OpenIddict.Validation
+{
+    /// <summary>
+    /// Represents a handler able to process <typeparamref name="TEvent"/> events.
+    /// </summary>
+    /// <typeparam name="TEvent">The type of the events handled by this instance.</typeparam>
+    public class OpenIddictValidationEventHandler<TEvent> : IOpenIddictValidationEventHandler<TEvent>
+        where TEvent : class, IOpenIddictValidationEvent
+    {
+        private readonly Func<TEvent, CancellationToken, Task> _handler;
+
+        /// <summary>
+        /// Creates a new event using the specified handler delegate.
+        /// </summary>
+        /// <param name="handler">The event handler delegate</param>
+        public OpenIddictValidationEventHandler([NotNull] Func<TEvent, CancellationToken, Task> handler)
+            => _handler = handler ?? throw new ArgumentNullException(nameof(handler));
+
+        /// <summary>
+        /// Processes the event.
+        /// </summary>
+        /// <param name="notification">The event to process.</param>
+        /// <param name="cancellationToken">
+        /// The <see cref="CancellationToken"/> that can be used to abort the operation.
+        /// </param>
+        /// <returns>
+        /// A <see cref="Task"/> that can be used to monitor the asynchronous operation.
+        /// </returns>
+        public async Task HandleAsync(TEvent notification, CancellationToken cancellationToken)
+        {
+            if (notification == null)
+            {
+                throw new ArgumentNullException(nameof(notification));
+            }
+
+            cancellationToken.ThrowIfCancellationRequested();
+
+            await _handler.Invoke(notification, cancellationToken);
+        }
+    }
+}

src/OpenIddict.Validation/OpenIddictValidationEventService.cs

@@ -0,0 +1,64 @@
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace OpenIddict.Validation
+{
+    /// <summary>
+    /// Dispatches notifications by invoking the corresponding handlers.
+    /// </summary>
+    public class OpenIddictValidationEventService : IOpenIddictValidationEventService
+    {
+        private readonly IServiceProvider _provider;
+
+        public OpenIddictValidationEventService([NotNull] IServiceProvider provider)
+        {
+            _provider = provider;
+        }
+
+        /// <summary>
+        /// Publishes a new event.
+        /// </summary>
+        /// <typeparam name="TEvent">The type of the event to publish.</typeparam>
+        /// <param name="notification">The event to publish.</param>
+        /// <param name="cancellationToken">The <see cref="CancellationToken"/> that can be used to abort the operation.</param>
+        /// <returns>A <see cref="Task"/> that can be used to monitor the asynchronous operation.</returns>
+        public async Task PublishAsync<TEvent>([NotNull] TEvent notification, CancellationToken cancellationToken = default)
+            where TEvent : class, IOpenIddictValidationEvent
+        {
+            if (notification == null)
+            {
+                throw new ArgumentNullException(nameof(notification));
+            }
+
+            foreach (var handler in _provider.GetServices<IOpenIddictValidationEventHandler<TEvent>>())
+            {
+                cancellationToken.ThrowIfCancellationRequested();
+
+                await handler.HandleAsync(notification, cancellationToken);
+
+                // Note: the following logic determines whether next handlers should be invoked
+                // depending on whether the underlying event context was substantially updated.
+                switch (notification)
+                {
+                    case OpenIddictValidationEvents.ApplyChallenge value when value.Context.State != EventResultState.Continue: return;
+
+                    case OpenIddictValidationEvents.CreateTicket value when value.Context.State != EventResultState.Continue: return;
+                    case OpenIddictValidationEvents.CreateTicket value when value.Context.Ticket == null:                     return;
+
+                    case OpenIddictValidationEvents.DecryptToken value when value.Context.State != EventResultState.Continue: return;
+                    case OpenIddictValidationEvents.DecryptToken value when value.Context.Ticket != null:                     return;
+
+                    case OpenIddictValidationEvents.RetrieveToken value when value.Context.State != EventResultState.Continue: return;
+                    case OpenIddictValidationEvents.RetrieveToken value when value.Context.Ticket != null:                     return;
+
+                    case OpenIddictValidationEvents.ValidateToken value when value.Context.State != EventResultState.Continue: return;
+                    case OpenIddictValidationEvents.ValidateToken value when value.Context.Ticket == null:                     return;
+                }
+            }
+        }
+    }
+}

src/OpenIddict.Validation/OpenIddictValidationEvents.cs

@@ -0,0 +1,71 @@
+using AspNet.Security.OAuth.Validation;
+using JetBrains.Annotations;
+
+namespace OpenIddict.Validation
+{
+    /// <summary>
+    /// Contains common events used by the OpenIddict validation handler.
+    /// </summary>
+    public static class OpenIddictValidationEvents
+    {
+        /// <summary>
+        /// Invoked when a challenge response is returned to the caller.
+        /// </summary>
+        public sealed class ApplyChallenge : OpenIddictValidationEvent<ApplyChallengeContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ApplyChallenge"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ApplyChallenge([NotNull] ApplyChallengeContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Invoked when a ticket is to be created from an introspection response.
+        /// </summary>
+        public sealed class CreateTicket : OpenIddictValidationEvent<CreateTicketContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="CreateTicket"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public CreateTicket([NotNull] CreateTicketContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Invoked when a token is to be decrypted.
+        /// </summary>
+        public sealed class DecryptToken : OpenIddictValidationEvent<DecryptTokenContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="DecryptToken"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public DecryptToken([NotNull] DecryptTokenContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Invoked when a token is to be parsed from a newly-received request.
+        /// </summary>
+        public sealed class RetrieveToken : OpenIddictValidationEvent<RetrieveTokenContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="RetrieveToken"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public RetrieveToken([NotNull] RetrieveTokenContext context) : base(context) { }
+        }
+
+        /// <summary>
+        /// Invoked when a token is to be validated, before final processing.
+        /// </summary>
+        public sealed class ValidateToken : OpenIddictValidationEvent<ValidateTokenContext>
+        {
+            /// <summary>
+            /// Creates a new instance of <see cref="ValidateToken"/>.
+            /// </summary>
+            /// <param name="context">The context instance associated with the notification.</param>
+            public ValidateToken([NotNull] ValidateTokenContext context) : base(context) { }
+        }
+    }
+}

src/OpenIddict.Validation/OpenIddictValidationExtensions.cs

@@ -9,6 +9,7 @@ using JetBrains.Annotations;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
+using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
 using OpenIddict.Validation;
 
@@ -33,6 +34,7 @@ namespace Microsoft.Extensions.DependencyInjection
             }
 
             builder.Services.AddAuthentication();
+            builder.Services.TryAddScoped<IOpenIddictValidationEventService, OpenIddictValidationEventService>();
 
             return new OpenIddictValidationBuilder(builder.Services);
         }
@@ -94,18 +96,6 @@ namespace Microsoft.Extensions.DependencyInjection
                 options.AccessTokenFormat = new TicketDataFormat(protector);
             }
 
-            // If application events have been registered, import the events into the main provider.
-            if (options.ApplicationEvents != null)
-            {
-                var events = options.Events as OpenIddictValidationEvents;
-                if (events == null)
-                {
-                    throw new InvalidOperationException("The specified OAuth2 validation events are not compatible.");
-                }
-
-                events.Import(options.ApplicationEvents);
-            }
-
             return app.UseOAuthValidation(options);
         }
     }

src/OpenIddict.Validation/OpenIddictValidationOptions.cs

@@ -4,7 +4,6 @@
  * the license and the contributors participating to this project.
  */
 
-using System;
 using AspNet.Security.OAuth.Validation;
 
 namespace OpenIddict.Validation
@@ -19,15 +18,9 @@ namespace OpenIddict.Validation
         /// </summary>
         public OpenIddictValidationOptions()
         {
-            Events = new OpenIddictValidationEvents();
+            Events = new OpenIddictValidationProvider();
         }
 
-        /// <summary>
-        /// Gets or sets the user-provided <see cref="OAuthValidationEvents"/> that the OpenIddict
-        /// validation handler invokes to enable developer control over the entire authentication process.
-        /// </summary>
-        public OAuthValidationEvents ApplicationEvents { get; set; }
-
         /// <summary>
         /// Gets or sets a boolean indicating whether reference tokens are used.
         /// </summary>

test/OpenIddict.Server.Tests/OpenIddictServerBuilderTests.cs

@@ -7,8 +7,9 @@
 using System;
 using System.IdentityModel.Tokens.Jwt;
 using System.Reflection;
+using System.Threading;
+using System.Threading.Tasks;
 using AspNet.Security.OpenIdConnect.Primitives;
-using AspNet.Security.OpenIdConnect.Server;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
@@ -16,11 +17,63 @@ using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
 using Moq;
 using Xunit;
+using static OpenIddict.Server.OpenIddictServerEvents;
 
 namespace OpenIddict.Server.Tests
 {
     public class OpenIddictServerBuilderTests
     {
+        [Fact]
+        public void AddEventHandler_HandlerIsAttached()
+        {
+            // Arrange
+            var services = CreateServices();
+            var builder = CreateBuilder(services);
+            var handler = new OpenIddictServerEventHandler<ApplyAuthorizationResponse>(
+                (notification, cancellationToken) => Task.FromResult(0));
+
+            // Act
+            builder.AddEventHandler(handler);
+
+            // Assert
+            Assert.Contains(services, service =>
+                service.ServiceType == typeof(IOpenIddictServerEventHandler<ApplyAuthorizationResponse>) &&
+                service.ImplementationInstance == handler);
+        }
+
+        [Fact]
+        public void AddEventHandler_ThrowsAnExceptionForInvalidHandlerType()
+        {
+            // Arrange
+            var services = CreateServices();
+            var builder = CreateBuilder(services);
+
+            // Act and assert
+            var exception = Assert.Throws<ArgumentException>(delegate
+            {
+                return builder.AddEventHandler<ApplyAuthorizationResponse>(typeof(object));
+            });
+
+            Assert.Equal("type", exception.ParamName);
+            Assert.StartsWith("The specified type is invalid.", exception.Message);
+        }
+
+        [Fact]
+        public void AddEventHandler_HandlerIsRegistered()
+        {
+            // Arrange
+            var services = CreateServices();
+            var builder = CreateBuilder(services);
+
+            // Act
+            builder.AddEventHandler<ApplyAuthorizationResponse, CustomHandler>();
+
+            // Assert
+            Assert.Contains(services, service =>
+                service.ServiceType == typeof(IOpenIddictServerEventHandler<ApplyAuthorizationResponse>) &&
+                service.ImplementationType == typeof(CustomHandler));
+        }
+
         [Fact]
         public void Configure_OptionsAreCorrectlyAmended()
         {
@@ -583,22 +636,6 @@ namespace OpenIddict.Server.Tests
             Assert.Equal(new Uri("http://www.fabrikam.com/"), options.Issuer);
         }
 
-        [Fact]
-        public void RegisterProvider_ProviderIsAttached()
-        {
-            // Arrange
-            var services = CreateServices();
-            var builder = CreateBuilder(services);
-
-            // Act
-            builder.RegisterProvider(new OpenIdConnectServerProvider());
-
-            var options = GetOptions(services);
-
-            // Assert
-            Assert.NotNull(options.ApplicationProvider);
-        }
-
         [Fact]
         public void RegisterClaims_ClaimsAreAdded()
         {
@@ -703,5 +740,12 @@ namespace OpenIddict.Server.Tests
             var options = provider.GetRequiredService<IOptions<OpenIddictServerOptions>>();
             return options.Value;
         }
+
+        public class CustomHandler : OpenIddictServerEventHandler<ApplyAuthorizationResponse>
+        {
+            public CustomHandler(Func<ApplyAuthorizationResponse, CancellationToken, Task> handler) : base(handler)
+            {
+            }
+        }
     }
 }

test/OpenIddict.Validation.Tests/Internal/OpenIddictValidationEventsTests.cs → test/OpenIddict.Validation.Tests/Internal/OpenIddictValidationProviderTests.cs

@@ -35,7 +35,7 @@ using Xunit;
 
 namespace OpenIddict.Validation.Tests
 {
-    public class OpenIddictValidationEventsTests
+    public class OpenIddictValidationProviderTests
     {
         [Fact]
         public async Task DecryptToken_ThrowsAnExceptionWhenTokenManagerIsNotRegistered()

test/OpenIddict.Validation.Tests/OpenIddictValidationBuilderTests.cs

@@ -4,62 +4,100 @@
  * the license and the contributors participating to this project.
  */
 
-using AspNet.Security.OAuth.Validation;
+using System;
+using System.Threading;
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
 using Xunit;
+using static OpenIddict.Validation.OpenIddictValidationEvents;
 
 namespace OpenIddict.Validation.Tests
 {
     public class OpenIddictValidationBuilderTests
     {
         [Fact]
-        public void Configure_OptionsAreCorrectlyAmended()
+        public void AddEventHandler_HandlerIsAttached()
         {
             // Arrange
             var services = CreateServices();
             var builder = CreateBuilder(services);
+            var handler = new OpenIddictValidationEventHandler<CreateTicket>(
+                (notification, cancellationToken) => Task.FromResult(0));
 
             // Act
-            builder.Configure(configuration => configuration.ClaimsIssuer = "custom_issuer");
+            builder.AddEventHandler(handler);
 
-            var options = GetOptions(services);
+            // Assert
+            Assert.Contains(services, service =>
+                service.ServiceType == typeof(IOpenIddictValidationEventHandler<CreateTicket>) &&
+                service.ImplementationInstance == handler);
+        }
+
+        [Fact]
+        public void AddEventHandler_ThrowsAnExceptionForInvalidHandlerType()
+        {
+            // Arrange
+            var services = CreateServices();
+            var builder = CreateBuilder(services);
+
+            // Act and assert
+            var exception = Assert.Throws<ArgumentException>(delegate
+            {
+                return builder.AddEventHandler<CreateTicket>(typeof(object));
+            });
+
+            Assert.Equal("type", exception.ParamName);
+            Assert.StartsWith("The specified type is invalid.", exception.Message);
+        }
+
+        [Fact]
+        public void AddEventHandler_HandlerIsRegistered()
+        {
+            // Arrange
+            var services = CreateServices();
+            var builder = CreateBuilder(services);
+
+            // Act
+            builder.AddEventHandler<CreateTicket, CustomHandler>();
 
             // Assert
-            Assert.Equal("custom_issuer", options.ClaimsIssuer);
+            Assert.Contains(services, service =>
+                service.ServiceType == typeof(IOpenIddictValidationEventHandler<CreateTicket>) &&
+                service.ImplementationType == typeof(CustomHandler));
         }
 
         [Fact]
-        public void AddAudiences_AudiencesAreAdded()
+        public void Configure_OptionsAreCorrectlyAmended()
         {
             // Arrange
             var services = CreateServices();
             var builder = CreateBuilder(services);
 
             // Act
-            builder.AddAudiences("Fabrikam", "Contoso");
+            builder.Configure(configuration => configuration.ClaimsIssuer = "custom_issuer");
 
             var options = GetOptions(services);
 
             // Assert
-            Assert.Equal(new[] { "Fabrikam", "Contoso" }, options.Audiences);
+            Assert.Equal("custom_issuer", options.ClaimsIssuer);
         }
 
         [Fact]
-        public void RegisterEvents_EventsAreAttached()
+        public void AddAudiences_AudiencesAreAdded()
         {
             // Arrange
             var services = CreateServices();
             var builder = CreateBuilder(services);
 
             // Act
-            builder.RegisterEvents(new OAuthValidationEvents());
+            builder.AddAudiences("Fabrikam", "Contoso");
 
             var options = GetOptions(services);
 
             // Assert
-            Assert.NotNull(options.ApplicationEvents);
+            Assert.Equal(new[] { "Fabrikam", "Contoso" }, options.Audiences);
         }
 
         [Fact]
@@ -137,5 +175,12 @@ namespace OpenIddict.Validation.Tests
             var provider = services.BuildServiceProvider();
             return provider.GetRequiredService<IOptions<OpenIddictValidationOptions>>().Value;
         }
+
+        public class CustomHandler : OpenIddictValidationEventHandler<CreateTicket>
+        {
+            public CustomHandler(Func<CreateTicket, CancellationToken, Task> handler) : base(handler)
+            {
+            }
+        }
     }
 }