Add custom validation to JWT token for ASP.NET Core?

Question

Previously, I was able to use JwtBearerAuthenticationOptions to add my custom token handler with my custom validation. Now with Core UseJwtBearerAuthentication I need to use JwtBearerOptions which doesn't seem to have an option to override JwtSecurityTokenHandler. I basically want to override the following method in JwtSecurityTokenHandler:

protected virtual JwtSecurityToken ValidateSignature(string token, TokenValidationParameters validationParameters)

Previously:

app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
{
    TokenHandler = new MyTokenHandler()
    // other properties here
});

Currently with ASP.NET Core:

app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    // other properties here
});

Answer 1

If you want to actually create your own JwtSecurityTokenHandler and override the ValidateSignature method, you can use the SecurityTokenValidators property:

var options new JwtBearerOptions();
options.SecurityTokenValidators.Clear();
options.SecurityTokenValidators.Add(new MyTokenHandler());
app.UseJwtBearerAuthentication(options);

Technically the call to Clear() isn't necessary - as long as one of the token handlers can parse the token the call to authenticate will succeed. However removing the JwtSecurityTokenHandler seems to make sense if it won't ever succeed in your case.