Storing extra information on a refresh token

[pacoteinnov]

We would like to add extra information to a refresh token. For example, IP address and other data that we don't want to expose in the claims.
There's no "Parameters" property that we can use. One possibility would be to use a custom RefreshToken class but it seems difficult to use another class: a new RefreshToken() is done in DefaultRefreshTokenService.cs. https://github.com/DuendeSoftware/products/blob/fc7c49cf5d51860acb662783ab9fd8e951f8317a/identity-server/src/IdentityServer/Services/Default/DefaultRefreshTokenService.cs#L206
Customizing/overriding CreateRefreshTokenAsync would probably be a maintenance hassle.
The only possible alternative is to use the Description property but putting many properties in it is not ideal.

Any other idea?

[AndersAbel]

Would you mind sharing some more details about what information you want to store and why? How will this information be used?

If we know more about the scenario and the problem you are trying to solve, we can offer better help.

[pacoteinnov]

Hi, I was afraid you are going to ask that, I would have done the same :)
Is it possible to discuss in private to prevent exposing what we consider private information? We are a paying customer.
Thanks.

[AndersAbel]

Do you have a license that includes priority support (enterprise or some of the redistribution licenses)? If you do, please reach out there. If not, use our contact form at https://duendesoftware.com/contact/sales and note that you need to get in touch with the support team regarding this discussion.

[pacoteinnov]

Yes, we do have this kind of license. I will use that channel, thanks

[pacoteinnov]

We have sent multiple emails to [email protected] but didn't receive a reply. Is it the right email address?

[maartenba]

Found it, and forwarded to Anders 👍