diff --git a/src/OpenIddict.Client/OpenIddictClientEvents.Protection.cs b/src/OpenIddict.Client/OpenIddictClientEvents.Protection.cs
index d8a365cb..27eb1cae 100644
--- a/src/OpenIddict.Client/OpenIddictClientEvents.Protection.cs
+++ b/src/OpenIddict.Client/OpenIddictClientEvents.Protection.cs
@@ -148,6 +148,11 @@ public static partial class OpenIddictClientEvents
///
public TokenValidationParameters TokenValidationParameters { get; set; } = default!;
+ ///
+ /// Gets or sets the validation result obtained after validating the token, if available.
+ ///
+ public TokenValidationResult? TokenValidationResult { get; set; }
+
///
/// Gets or sets the token to validate.
///
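Review bot: The summary on the new `TokenValidationResult` property says "if available" without stating when the value is null, which is what a handler author reading it needs to know. Judging from the handler hunks in this commit, the property appears to be assigned only at the end of the successful validation path, so it presumably stays null when the token is rejected or is validated by a different handler; I would spell that out, e.g. `/// Gets or sets the validation result produced when the token was validated, or null if the token was rejected or no result was attached.` The same wording applies to the identical properties added in OpenIddictServerEvents.Protection.cs and OpenIddictValidationEvents.Protection.cs. The enclosing context class starts and ends outside the hunk.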
diff --git a/src/OpenIddict.Client/OpenIddictClientHandlers.Protection.cs b/src/OpenIddict.Client/OpenIddictClientHandlers.Protection.cs
index c49c5ced..4458459f 100644
--- a/src/OpenIddict.Client/OpenIddictClientHandlers.Protection.cs
+++ b/src/OpenIddict.Client/OpenIddictClientHandlers.Protection.cs
@@ -431,7 +431,7 @@ public static partial class OpenIddictClientHandlers
if (context.ValidTokenTypes.Contains(TokenTypeIdentifiers.Private.StateToken))
{
- // Attach the principal extracted from the token to the parent event context and store
+ // Attach the principal extracted from the token to the validation context and store
// the token type (resolved from "typ" or "token_usage") as a special private claim.
context.Principal = new ClaimsPrincipal(identity).SetTokenType(result.TokenType switch
{
@@ -460,6 +460,10 @@ public static partial class OpenIddictClientHandlers
// Store the resolved signing algorithm from the token and attach it to the principal.
context.Principal.SetClaim(Claims.Private.SigningAlgorithm, token.Alg);
+ // Attach the token validation to the validation context so that it can be used by
+ // the other handlers to extract additional information from the token if necessary.
+ context.TokenValidationResult = result;
+
context.Logger.LogTrace(6001, SR.GetResourceString(SR.ID6001), context.Token, context.Principal.Claims);
}
}
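Review bot: The comment added above `context.TokenValidationResult = result;` reads "Attach the token validation to the validation context", which drops the word "result" and says nothing about how the stored object relates to `context.Principal`. In this file the principal is built from a local `identity` rather than directly from `result.ClaimsIdentity` (see the earlier hunk), and it then receives private claims such as the token type and signing algorithm, so claims read from the raw result may differ from the principal the rest of the pipeline relies on. I would reword it to `// Attach the token validation result to the validation context so that other handlers can extract` followed by `// additional token details; context.Principal remains the identity to use for authorization decisions.` The same comment is added in the OpenIddictServerHandlers.Protection.cs and OpenIddictValidationHandlers.Protection.cs hunks. The enclosing handler method starts outside the hunk.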
diff --git a/src/OpenIddict.Server/OpenIddictServerEvents.Protection.cs b/src/OpenIddict.Server/OpenIddictServerEvents.Protection.cs
index 0ef164cb..32c71a11 100644
--- a/src/OpenIddict.Server/OpenIddictServerEvents.Protection.cs
+++ b/src/OpenIddict.Server/OpenIddictServerEvents.Protection.cs
@@ -159,6 +159,11 @@ public static partial class OpenIddictServerEvents
///
public TokenValidationParameters TokenValidationParameters { get; set; } = default!;
+ ///
+ /// Gets or sets the validation result obtained after validating the token, if available.
+ ///
+ public TokenValidationResult? TokenValidationResult { get; set; }
+
///
/// Gets or sets the token to validate.
///
diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.Protection.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.Protection.cs
index bd229029..7325d43c 100644
--- a/src/OpenIddict.Server/OpenIddictServerHandlers.Protection.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Protection.cs
@@ -547,7 +547,7 @@ public static partial class OpenIddictServerHandlers
token = token.InnerToken;
}
- // Attach the principal extracted from the token to the parent event context and store
+ // Attach the principal extracted from the token to the validation context and store
// the token type (resolved from "typ" or "token_usage") as a special private claim.
context.Principal = new ClaimsPrincipal(result.ClaimsIdentity).SetTokenType(result.TokenType switch
{
@@ -594,6 +594,10 @@ public static partial class OpenIddictServerHandlers
context.Principal.SetDestinations(builder.ToImmutable());
}
+ // Attach the token validation to the validation context so that it can be used by
+ // the other handlers to extract additional information from the token if necessary.
+ context.TokenValidationResult = result;
+
context.Logger.LogTrace(6001, SR.GetResourceString(SR.ID6001), context.Token, context.Principal.Claims);
}
}
diff --git a/src/OpenIddict.Validation/OpenIddictValidationEvents.Protection.cs b/src/OpenIddict.Validation/OpenIddictValidationEvents.Protection.cs
index b04b2986..04b69132 100644
--- a/src/OpenIddict.Validation/OpenIddictValidationEvents.Protection.cs
+++ b/src/OpenIddict.Validation/OpenIddictValidationEvents.Protection.cs
@@ -153,6 +153,11 @@ public static partial class OpenIddictValidationEvents
///
public TokenValidationParameters TokenValidationParameters { get; set; } = default!;
+ ///
+ /// Gets or sets the validation result obtained after validating the token, if available.
+ ///
+ public TokenValidationResult? TokenValidationResult { get; set; }
+
///
/// Gets or sets the token to validate.
///
diff --git a/src/OpenIddict.Validation/OpenIddictValidationHandlers.Protection.cs b/src/OpenIddict.Validation/OpenIddictValidationHandlers.Protection.cs
index 0dbf133c..fc34bd63 100644
--- a/src/OpenIddict.Validation/OpenIddictValidationHandlers.Protection.cs
+++ b/src/OpenIddict.Validation/OpenIddictValidationHandlers.Protection.cs
@@ -352,7 +352,7 @@ public static partial class OpenIddictValidationHandlers
identity = result.ClaimsIdentity;
}
- // Attach the principal extracted from the token to the parent event context and store
+ // Attach the principal extracted from the token to the validation context and store
// the token type (resolved from "typ" or "token_usage") as a special private claim.
context.Principal = new ClaimsPrincipal(identity).SetTokenType(result.TokenType switch
{
@@ -365,6 +365,10 @@ public static partial class OpenIddictValidationHandlers
string value => value
});
+ // Attach the token validation to the validation context so that it can be used by
+ // the other handlers to extract additional information from the token if necessary.
+ context.TokenValidationResult = result;
+
context.Logger.LogTrace(6001, SR.GetResourceString(SR.ID6001), context.Token, context.Principal.Claims);
}
}