Identityserver4: How do I authorize token manualy, not within http pipeline

I think you can use the JwtSecurityTokenHandler class.

https://msdn.microsoft.com/en-us/library/system.identitymodel.tokens.jwtsecuritytokenhandler(v=vs.114).aspx

yes I have found it in the meantime :), but one more thing, I'm getting "Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: 'IDX10500: Signature validation failed. No security keys were provided to validate the signature.'"

You'll have to use the Validate method that takes TokenValidationParameters, and create an instance of that parameters class with the correct information filled out.

No need to have it set for standard pipeline, it works out of the box, why i need to specify it explicitly here and how :)

It works out of the box? Are you sure? Don't you pass all that info into during startup as part of the OpenIdConnectAuthenticationOptions?

Sorry I meant that I had to set only this
var identityServerValidationOptions = new IdentityServerAuthenticationOptions
{
Authority = "http://xxxxx",
RequireHttpsMetadata = false,
AllowedScopes = new List { "tdp" },
ApiName = "tdp",
AutomaticAuthenticate = true,
SupportedTokens = SupportedTokens.Jwt, //.Both,
AutomaticChallenge = true,
}

and it does not say anything about security keys

This seems to be a general question about IdentityServer - not a bug report or an issue.

Please use StackOverflow for that. This has the advantage that questions and answers can be easily found by search engines, and that there are more people answering questions than just us.

For IdentityServer3
https://stackoverflow.com/questions/tagged/?tagnames=identityserver3&sort=newest

For IdentityServer4
https://stackoverflow.com/questions/tagged/?tagnames=identityserver4&sort=newest

For commercial support
https://identityserver.io/

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.