Unpack claims without setting identity

[devdigital]

Sorry if this has been asked before - is it possible to validate tokens from IdentityServer 3 and unpack to a new ClaimsIdentity rather than a middleware that sets the current identity?

I want to use IdentityServer for a 'signing' process, so still use OpenID Connect to secure the tokens but use them for a different use case, i.e. the user has 'signed' a process. The reason we don't want to update the claims, or elevate the user for this signing is because it's only a one off process - they must re-authenticate the next time they wish to perform this process.