Wait a minute. You're talking about PrepareApproveAuthorizationRequest(), I haven't thought I can add extra data there too. Will this data be added as url params? If I can do that and if it doesn't violate the specification, it's definitely a solution although I can't say it's perfect.
I was thinking about adding more data to json, along with access_token, something like:
var response = this.authorizationServer.PrepareAccessTokenResponse(request);
// get username somehow
response.ExtraData["claimed_identifier"] = username;
return this.authorizationServer.Channel.PrepareResponse(response).AsActionResult();
But at this point (/Token called by Client server) username is hidden somewhere inside request or, more precisely, authorization token.
I can see, in sources of AuthorizationServer.PrepareApproveAuthorizationRequest() that there's a switch from authorizationRequest.ResponseType which can be EndUserAuthorizationResponseType.AccessToken which, I can only assume, redirects with access token instead of authorization token. But I definitely lack knowledge of this workflow, never seen it in use and not sure if it's a good way, I would prefer to go with more secure workflow as we'll need it later.
So, the question is still, can I somehow (easily) get user info at /token request processing? And, if not, is there an option for simplified process which will allow what I'm trying to do?
Thanks for your patience and answers! I guess I should examine the sources and spec more closely.