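/// <summary>
/// Validates an identity token (JWT) issued for a client: enforces the configured
/// input length limit, resolves the client, verifies the JWT against the server's
/// public keys and finally runs the custom validator.
/// </summary>
/// <param name="token">The identity token to validate. A missing token is rejected as invalid rather than throwing.</param>
/// <param name="clientId">
/// The expected client id. When not supplied it is read from the (not yet verified) token;
/// the signature and audience checks in <c>ValidateJwtAsync</c> are what make that value trustworthy.
/// </param>
/// <param name="validateLifetime">Whether token lifetime (exp/nbf) is checked.</param>
/// <returns>
/// The validation result, carrying the resolved client and claims on success, or an
/// error result with <c>Constants.ProtectedResourceErrors.InvalidToken</c> on failure.
/// </returns>
public virtual async Task<TokenValidationResult> ValidateIdentityTokenAsync(string token, string clientId = null, bool validateLifetime = true)
{
    Logger.Info("Start identity token validation");

    // Guard before touching token.Length so a null/empty token yields an
    // "invalid token" result instead of a NullReferenceException.
    if (token.IsMissing())
    {
        Logger.Error("No identity token supplied.");
        return Invalid(Constants.ProtectedResourceErrors.InvalidToken);
    }

    // Length check comes before any parsing: oversized input is rejected
    // without spending work on decoding or signature verification.
    if (token.Length > _options.InputLengthRestrictions.Jwt)
    {
        Logger.Error("JWT too long");
        return Invalid(Constants.ProtectedResourceErrors.InvalidToken);
    }

    if (clientId.IsMissing())
    {
        // The client id is taken from the unverified token here; it is only
        // trusted after ValidateJwtAsync has checked signature and audience.
        clientId = GetClientIdFromJwt(token);

        if (clientId.IsMissing())
        {
            Logger.Error("No clientId supplied, can't find id in identity token.");
            return Invalid(Constants.ProtectedResourceErrors.InvalidToken);
        }
    }

    _log.ClientId = clientId;
    _log.ValidateLifetime = validateLifetime;

    var client = await _clients.FindClientByIdAsync(clientId);
    if (client == null)
    {
        LogError("Unknown or disabled client.");
        return Invalid(Constants.ProtectedResourceErrors.InvalidToken);
    }

    _log.ClientName = client.ClientName;

    // Identity tokens are signed by this server, so validation uses our own public keys.
    var keys = await _keyService.GetPublicKeysAsync();
    var result = await ValidateJwtAsync(token, clientId, keys, validateLifetime);
    result.Client = client;

    if (result.IsError)
    {
        LogError("Error validating JWT");
        return result;
    }

    _log.Claims = result.Claims.ToClaimsDictionary();

    var customResult = await _customValidator.ValidateIdentityTokenAsync(result);
    if (customResult.IsError)
    {
        LogError("Custom validator failed: " + (customResult.Error ?? "unknown"));
        return customResult;
    }

    // The custom validator may have changed the claim set; log the final one.
    _log.Claims = customResult.Claims.ToClaimsDictionary();

    LogSuccess();
    return customResult;
}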