Keycloak.Net.Authentication 2.0.0

.NET 8.0

dotnet add package Keycloak.Net.Authentication --version 2.0.0

NuGet\Install-Package Keycloak.Net.Authentication -Version 2.0.0

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Keycloak.Net.Authentication" Version="2.0.0" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

paket add Keycloak.Net.Authentication --version 2.0.0

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Keycloak.Net.Authentication, 2.0.0"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

// Install Keycloak.Net.Authentication as a Cake Addin
#addin nuget:?package=Keycloak.Net.Authentication&version=2.0.0

// Install Keycloak.Net.Authentication as a Cake Tool
#tool nuget:?package=Keycloak.Net.Authentication&version=2.0.0

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Keycloak .Net Authentication

Authentication with Keycloak in .NET and ASP.NET Core. Secure your api with Keycloak JWT bearer authentication

Add the Keycloak.Net.Authentification nuget package to your project.

Api calls requires auhorization header with an JWT token from Keycloak.

POST https://yourapi/action HTTP/1.1
Auhorization: Bearer JwtTokenContent

How to use

Add to program.cs of your api

Option no.1 (easiest way)

builder.Services
  .AddKeyCloakAuthentication()
  .AddKeyCloakJwtBearerOptions("appsettings_section_name");
.....
app.UseAuthentication();
app.UseAuthorization();

Add section to the appsettings.{Environment}.json

Authority is required. If not set will throw exception during app startup.
Set the audience as "Audience", "ValidAudience" or "ValidAudiences". If not set will throw exception during app startup.

 {
    "KeycloakUrl": "<<FROM_USER_SECRET>>",
    "RealmName": "<<FROM_USER_SECRET>>",
    
    "appsettings_section_name": {
          "Authority": "{KeycloakUrl}{RealmName}",
          "Audience": "<<Audience>>"
       }
// or
    "appsettings_section_name": {
          "Authority": "{KeycloakUrl}{RealmName}",
          "ValidAudience": "<<Audience>>"
       }
//or
    "appsettings_section_name": {
          "Authority": "{KeycloakUrl}{RealmName}",
          "ValidAudiences": ["<<Audience>>"]
       }
 }

Option no.2

Variation of first option. Additional configuration of JwtBearerOptions available.
If set will override the value of same property defined in appsettings.{Environment}.json

builder.Services
  .AddKeyCloakAuthentication()
  .AddKeyCloakJwtBearerOptions("appsettings_section_name", options =>
  {
    options.Audience = "<<Audience>>";
    options.SaveToken = true;

    options.TokenValidationParameters.ClockSkew = TimeSpan.FromSeconds(30);
  });

Option no.3

If you want to get auth options from other source, not from appsettings.{Environment}.json, you can pass Action<JwtBearerValidationOptions> instead.
Authority is required. If not set will throw exception during app startup.
Set the audience as "Audience", "ValidAudience" or "ValidAudiences".If not set will throw exception during app startup.

builder.Services
  .AddKeyCloakAuthentication()
  .AddKeyCloakJwtBearerOptions(options =>
    {
        options.KeycloakAuthority = "https://{host}/realms/{realm}";
        options.KeycloakAudience = "<<Audience>>";
    })

Option no.4

You have to manually configure the JwtBearerOtions.

builder.Services
  .AddKeyCloakAuthentication()
  .AddJwtBearerOptions(options =>
    {
        options.Authority = "https://{host}/realms/{realm}";
        options.Audience = "<<Audience>>";
        ......
        options.TokenValidationParameters = new TokenValidationParameters( options =>
        {
          options.ClockSkew = TimeSpan.FromSeconds(30);
          .......
        });
    });

JWT transformation

Under the hood the Keyclaok JWT is mapped and transformed to Identity JWT
The Keycloak Realm and Client "roles" claims are mapped and transformed to ClaimType.Role
By default the Keycloak "preferred_username" claim is transformed to ClaimType.Name. You can change it by just adding the following:

{
    "KeycloakUrl": "<<FROM_USER_SECRET>>",
    "RealmName": "<<FROM_USER_SECRET>>",
    
    "appsettings_section_name": {
          "Authority": "{KeycloakUrl}{RealmName}",
          "Audience": "<<Audience>>",
          "NameClaim: "<<NameOfClaimWhichShouldBeSetToNameClaim>>"
       }
}

Product	Compatible and additional computed target framework versions.
.NET	net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net8.0
- Microsoft.AspNetCore.Authentication.JwtBearer (>= 8.0.1)

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Keycloak.Net.Authentication:

Package	Downloads
Keycloak.Net.Authorization Authorization with Keycloak in .NET and ASP.NET Core	325

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last updated
2.0.0	108	2/20/2024
1.0.3	107	1/27/2024
1.0.2	89	1/24/2024
1.0.2-rc0.2	47	1/23/2024
1.0.2-rc0.1	42	1/23/2024
1.0.1	103	1/15/2024
1.0.0-rc01	71	1/14/2024
1.0.0-rc	73	1/12/2024