vishak os

Reputation: 91

Identity Server - Add custom parameters to the JSON response from the Token Endpoint

I’ve a requirement to add custom members in the token response of the Identity Server Token Endpoint.

Sample expected response:

{
"access_token": "XXXXXXXXXXXXXXX",
"token_type": "bearer",
"expires_in": 3600,
"scope": "patient/Observation.read patient/Patient.read",
"patient": 123,
"refresh_token":"XXXXXXXXXXXXXXXXX"
}

I would like to add the scope, patient parameter in the response, even though it's present in the Access Token.

Any guidance on this would be really helpful!

Upvotes: 6

Views: 2178

Answers (3)

For Identity Server 4, you can add a custom parameter in the token response by implementing the ICustomTokenRequestValidator interface.

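using System.Collections.Generic;
using System.Threading.Tasks;
using IdentityServer4.Validation;

public class CustomTokenRequestValidator : ICustomTokenRequestValidator
{
    public CustomTokenRequestValidator()
    {
    }

    public Task ValidateAsync(CustomTokenRequestValidationContext context)
    {
        // Entries in CustomResponse are added as extra members of the
        // token endpoint's JSON response.
        context.Result.CustomResponse =
            new Dictionary<string, object> { { "patient", "alice" } };
        return Task.CompletedTask;
    }
}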

Also, do not forget to register the dependency in the ConfigureServices method in Startup. You can append .AddCustomTokenRequestValidator<>({pass-in-name-of-class-implementing}) after adding the IdentityServer service.

Upvotes: 5

Vidmantas Blazevicius

Reputation: 4812

Not possible with out of the box configuration because of the static nature of TokenResponse model.

Having said that, IdentityServer4 is extremely extensible so you could technically create your own implementation of ITokenResponseGenerator and your own custom model for TokenResponse in order to achieve this behaviour.

Would not recommend this, however, because it seems like you are trying to solve the shortcoming of some other system not being able to process a pretty standard JWT.

Upvotes: 4

vishak os

Reputation: 91

I was able to get the Identity Server 3 to provide a customized Token Response by implementing the ICustomTokenResponseGenerator Interface and adding the required parameters in the Custom section of the tokenResponse.

Steps:

  1. Implement the Interface

  2. Register the Interface in the factory

This fix worked for me and I'm able to get the custom items in the token response.

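// Interface implementation
using System.Linq;
using System.Threading.Tasks;
using IdentityServer3.Core.ResponseHandling;
using IdentityServer3.Core.Services;
using IdentityServer3.Core.Validation;

public class CustomTokenResponseGeneratorService : ICustomTokenResponseGenerator
{
    protected ITokenService _tokenService;

    public CustomTokenResponseGeneratorService(ITokenService tokenService)
    {
        _tokenService = tokenService;
    }

    public Task<TokenResponse> GenerateAsync(ValidatedTokenRequest request, TokenResponse response)
    {
        // AuthorizationCode is only populated for the authorization_code grant;
        // return other grant types (e.g. refresh_token) unchanged instead of throwing.
        if (request.AuthorizationCode == null)
        {
            return Task.FromResult(response);
        }

        var patientID = 123; // hard-coded sample value

        response.Custom.Add("patient", patientID);
        response.Custom.Add("scope", request.AuthorizationCode.Scopes.ToArray());
        response.Custom.Add("need_patient_banner", "false");
        response.Custom.Add("encounter", patientID);
        response.Custom.Add("client_id", request.AuthorizationCode.ClientId);
        response.Custom.Add("smart_style_url", "UNK");
        return Task.FromResult(response);
    }
}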

Step 2: Register the CustomTokenResponseGenerator in the Identity Server factory

// Token Service
factory.CustomTokenResponseGenerator = new Registration<ICustomTokenResponseGenerator, CustomTokenResponseGeneratorService>();

Reference: Interface Detail for Identity Server 3

Upvotes: 2
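
A consistency check for the token responses discussed in this thread, added here as an example and not taken from any of the posts or from IdentityServer: it decodes the payload of the JWT access token and reports top-level patient or scope members that disagree with the token's claims. The claim names patient and scope, the helper names and the sample token are assumptions; the signature is not verified here because the check only compares two views of the same data.

```python
import base64
import json


def jwt_claims(token):
    """Decode the payload segment of a JWT (no signature verification)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("access token is not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def scope_set(value):
    """Accept a space-delimited string or a JSON array of scope values."""
    if value is None:
        return set()
    return set(value.split()) if isinstance(value, str) else set(value)


def response_mismatches(token_response):
    """Return the custom members that disagree with the access token claims."""
    claims = jwt_claims(token_response["access_token"])
    problems = []
    # Compare as strings: the response may carry 123 while the claim is "123".
    if str(token_response.get("patient")) != str(claims.get("patient")):
        problems.append("patient")
    if scope_set(token_response.get("scope")) != scope_set(claims.get("scope")):
        problems.append("scope")
    return problems


def constructed_jwt(claims):
    """Build a sample token with a placeholder signature (constructed data)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder-signature"


# Constructed sample data modelled on the response shown in the question.
SAMPLE_CLAIMS = {"sub": "alice", "patient": "123",
                 "scope": ["patient/Observation.read", "patient/Patient.read"]}
GOOD = {"access_token": constructed_jwt(SAMPLE_CLAIMS), "token_type": "bearer",
        "scope": "patient/Observation.read patient/Patient.read", "patient": 123}
BAD = dict(GOOD, patient=456)

if __name__ == "__main__":
    print(response_mismatches(GOOD))
    print(response_mismatches(BAD))
```
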
