How to apply custom validation to JWT token on each request for ASP.NET WebApi?

Question

Is it possible to add custom validation to each request when authenticating web api calls using a bearer token?

I\'m using the following configuration and the applicatio

Answer 1

on .Net Core you can add this to the JwtBearerOptions:

options.Events = new JwtBearerEvents
{
    OnTokenValidated = AdditionalValidation
};

Where your Validation function could look like this:

private static Task AdditionalValidation(TokenValidatedContext context)
{
    if ( /* any validation */ ) 
    {
        context.Fail("Failed additional validation");
    }

    return Task.CompletedTask;
}

The good news is that context will include all you need, the JWT Token, the HttpContext, the ClaimsPrincipal, etc.