Keycloak.AuthServices.Authentication 1.2.1

.NET 6.0
This package has a SemVer 2.0.0 package version: 1.2.1+build.49.
dotnet add package Keycloak.AuthServices.Authentication --version 1.2.1
NuGet\Install-Package Keycloak.AuthServices.Authentication -Version 1.2.1
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Keycloak.AuthServices.Authentication" Version="1.2.1" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Keycloak.AuthServices.Authentication --version 1.2.1
#r "nuget: Keycloak.AuthServices.Authentication, 1.2.1"
#r directive can be used in F# Interactive, C# scripting and .NET Interactive. Copy this into the interactive tool or source code of the script to reference the package.
// Install Keycloak.AuthServices.Authentication as a Cake Addin
#addin nuget:?package=Keycloak.AuthServices.Authentication&version=1.2.1

// Install Keycloak.AuthServices.Authentication as a Cake Tool
#tool nuget:?package=Keycloak.AuthServices.Authentication&version=1.2.1


Build CodeQL NuGet contributionswelcome Conventional Commits License

Easy Authentication and Authorization with Keycloak in .NET and ASP.NET Core.

Package Version Description
Keycloak.AuthServices.Authentication Nuget Keycloak Authentication JWT + OICD
Keycloak.AuthServices.Authorization Nuget Authorization Services. Use Keycloak as authorization server
Keycloak.AuthServices.Sdk Nuget HTTP API integration with Keycloak

GitHub Actions Build History


Demonstrates how to add JWT-based authentication and custom authorization policy.

var builder = WebApplication.CreateBuilder(args);

var host = builder.Host;
var configuration = builder.Configuration;
var services = builder.Services;

// conventional registration from keycloak.json

services.AddAuthorization(options =>
        options.AddPolicy("RequireWorkspaces", builder =>
            builder.RequireProtectedResource("workspaces", "workspaces:read") // HTTP request to Keycloak to check protected resource
                .RequireRealmRoles("User") // Realm role is fetched from token
                .RequireResourceRoles("Admin"); // Resource/Client role is fetched from token

var app = builder.Build();


app.MapGet("/workspaces", () => "[]")




Add OpenID Connect + JWT Bearer token authentication.

// add configuration from keycloak file
// add authentication services, OICD JwtBearerDefaults.AuthenticationScheme
services.AddKeycloakAuthentication(configuration, o =>
    o.RequireHttpsMetadata = false;

Client roles are automatically transformed into user role claims KeycloakRolesClaimsTransformation.

See Keycloak.AuthServices.Authentication -

Keycloak installation file:

// confidential client
  "realm": "<realm>",
  "auth-server-url": "http://localhost:8088/auth/",
  "ssl-required": "external", // external | none
  "resource": "<clientId>",
  "verify-token-audience": true,
  "credentials": {
    "secret": ""
// public client
  "realm": "<realm>",
  "auth-server-url": "http://localhost:8088/auth/",
  "ssl-required": "external",
  "resource": "<clientId>",
  "public-client": true,
  "confidential-port": 0



services.AddAuthorization(authOptions =>
    authOptions.AddPolicy("<policyName>", policyBuilder =>
        // configure policies here

See Keycloak.AuthServices.Authorization -



Keycloak API clients.

Service Description
IKeycloakClient Unified HTTP client - IKeycloakRealmClient, IKeycloakProtectedResourceClient
IKeycloakRealmClient Keycloak realm API
IKeycloakProtectedResourceClient Protected resource API
IKeycloakProtectionClient Authorization server API, used by AddKeycloakAuthorization
// requires confidential client

// based on token forwarding HttpClient middleware and IHttpContextAccessor

See Keycloak.AuthServices.Sdk -

Build and Development

dotnet cake --target build

dotnet pack -o ./Artefacts


Product Versions
.NET net6.0 net6.0-android net6.0-ios net6.0-maccatalyst net6.0-macos net6.0-tvos net6.0-windows net7.0 net7.0-android net7.0-ios net7.0-maccatalyst net7.0-macos net7.0-tvos net7.0-windows
Compatible target framework(s)
Additional computed target framework(s)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Keycloak.AuthServices.Authentication:

Package Downloads

Package Description

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.2.1 6,302 9/22/2022
1.2.0 2,249 8/24/2022
1.1.0 4,390 1/30/2022
1.0.5 76 1/29/2022
1.0.4 455 1/28/2022
1.0.3 65 1/28/2022
1.0.2 69 1/23/2022
1.0.1 208 1/19/2022
1.0.0 305 1/19/2022