Where should Thread.CurrentPrincipal and HttpContext.Current.User be set when using custom principal

I created my own class inheriting from IPrincipal

and would like this object to be added to Thread.CurrentPrincipal

and HttpContext.Current.User

instead of the object ClaimsPrincipal

. This is for web api application.

I would like this to happen after the user makes a successful request for an access token. Where in the life cycle should this happen?

After I called / Token to get the access_token, I passed the bearer token back to the ChangePassword activity along with the required parameters, and the User is still set to ClaimsPrincipal. Is there a way to ensure that the Principal is set immediately upon request and after the ClaimsPrincipal is set?