Keycloak.Net.Authorization 2.0.0

dotnet add package Keycloak.Net.Authorization --version 2.0.0

Keycloak .Net Authorization


Authentication and Authorization with Keycloak in .NET and ASP.NET Core. Secure your API with Keycloak UMA authorization and JWT bearer authentication.

Add the Keycloak.Net.Authorization NuGet package to your project. It also adds the Keycloak.Net.Authentication package, which is used for token validation and authentication.

API calls require an Authorization header with a JWT token from Keycloak.

POST https://yourapi/action HTTP/1.1
Authorization: Bearer JwtTokenContent

How to use

Add to Program.cs of your API

Add and configure Keycloak.Net.Authentication services - see README.md

using Keycloak.Net.Authentication;
using Keycloak.Net.Authorization;
// new code 👆

.....
// 👇 new code
builder.Services
  // Keycloak.Net.Authentication services 
  .AddKeyCloakAuthentication()
  .AddKeyCloakJwtBearerOptions("appsettings_section_name");
.....
app.UseAuthentication();
app.UseAuthorization();

Add and configure Keycloak.Net.Authorization

Configure using the Action<ClientConfiguration>

builder.Services
  // Keycloak.Net.Authentication services 
  .AddKeyCloakAuthentication()
  .AddKeyCloakJwtBearerOptions("appsettings_section_name")
  .AddUma(client =>
    {
        client.ClientId = "client-role";
    });
// new code 👆
.....
// 👇 new code
app.UseUma();

app.UseAuthentication();
app.UseAuthorization();

Configure by appsettings.{Environment}.json

builder.Services
  // Keycloak.Net.Authentication services 
  .AddKeyCloakAuthentication()
  .AddKeyCloakJwtBearerOptions("Appsettings_Section_Name")
  .AddUma("Client_Section_Name");
// new code 👆
.....

// 👇 new code
app.UseUma();

app.UseAuthentication();
app.UseAuthorization();

Add to your appsettings.{Environment}.json

{
  "Client_Section_Name": {
    "ClientId": "<CLIENT_NAME>"
  }
}

Extra AuthorizationOptions configuration can be added

.AddUma("Client", configure =>
{
    configure.AddPolicy("<<policy_name>>", policy =>
    {
        policy.RequireClaim("<<claim_name>>", "<<claim_value>>");
    });
    configure.AddPolicy("<<policy_name>>", policy =>
    {
        policy.RequireUserName("<<username>>");
    });
    configure.AddPolicy("<<policy_name>>", policy =>
    {
        policy.RequireAuthenticatedUser();
    });
    configure.AddPolicy("<<policy_name>>", policy =>
    {
        policy.RequireRole("<<role_name>>");
    });
})

Multitenant client support

builder.Services
  // Keycloak.Net.Authentication services 
  .AddKeyCloakAuthentication()
  .AddKeyCloakJwtBearerOptions("Appsettings_Section_Name")
  .AddUma();
// new code 👆
.....

// 👇 new code
app.UseUma();

app.UseAuthentication();
app.UseAuthorization();

Add to your endpoints

MinimalAPI

Via custom extension method

app.MapGet("api/example", () =>
    Results.Ok())
    .RequireUmaAuthorization(resource: "<<resource>>", scope: "<<scope>>");

Via Attribute

app.MapGet("api/example", [Permission(Resource = "<<resource>>", Scope = "<<scope>>")] () =>
    Results.Ok());

Changes from previous version

Via ASP.NET extension method. The policy string format is: Permission:<<resource>>:<<scope>>

app.MapGet("api/example", () =>
    Results.Ok())
    .RequireAuthorization("Permission:<<resource>>:<<scope>>");

Multitenant implementation

app.MapGet("api/example", () =>
    Results.Ok())
    .RequireAuthorization("Permission:<<resource>>:<<scope>>")
    .WithClient("<<client name>>");

How it works

The UseUma middleware exchanges the JWT of the request for an RPT (requesting party token) received from the Keycloak auth server after validating the realm access permission. The RPT contains the permissions granted by the auth server and is used to authorize access to the resources.
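
To make the last step concrete, here is an added example (not taken from the package's source) of how a policy string in the Permission:<<resource>>:<<scope>> format can be checked against the permissions carried in an RPT. It assumes the token signature has already been validated by the JWT bearer handler and that permissions sit under Keycloak's authorization.permissions claim; the helper name IsGranted and the sample payload are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Text.Json;

// Constructed sample: decoded payload of an RPT. Only the claims used here are shown.
const string rptPayload = """
{
  "sub": "constructed-user-id",
  "authorization": {
    "permissions": [
      { "rsid": "constructed-id-1", "rsname": "invoices", "scopes": ["read", "list"] },
      { "rsid": "constructed-id-2", "rsname": "reports" }
    ]
  }
}
""";

Console.WriteLine(IsGranted(rptPayload, "Permission:invoices:read"));   // scope listed
Console.WriteLine(IsGranted(rptPayload, "Permission:invoices:delete")); // scope not listed
Console.WriteLine(IsGranted(rptPayload, "Permission:reports:read"));    // no scopes array

// Hypothetical helper: true only when the RPT lists the resource with the scope.
static bool IsGranted(string payloadJson, string policy)
{
    // Policy format from this page: Permission:<<resource>>:<<scope>>
    var parts = policy.Split(':');
    if (parts.Length != 3 || parts[0] != "Permission")
        return false; // malformed policy string: deny
    var (resource, scope) = (parts[1], parts[2]);

    using var doc = JsonDocument.Parse(payloadJson);
    var root = doc.RootElement;
    if (root.ValueKind != JsonValueKind.Object ||
        !root.TryGetProperty("authorization", out var authz) ||
        authz.ValueKind != JsonValueKind.Object ||
        !authz.TryGetProperty("permissions", out var perms) ||
        perms.ValueKind != JsonValueKind.Array)
        return false; // plain access token without permissions: deny

    foreach (var p in perms.EnumerateArray())
    {
        if (p.ValueKind != JsonValueKind.Object ||
            !p.TryGetProperty("rsname", out var name) ||
            name.ValueKind != JsonValueKind.String || name.GetString() != resource)
            continue;
        // This example fails closed: a resource entry without the scope does not match.
        if (p.TryGetProperty("scopes", out var scopes) && scopes.ValueKind == JsonValueKind.Array &&
            scopes.EnumerateArray().Any(s => s.ValueKind == JsonValueKind.String && s.GetString() == scope))
            return true;
    }
    return false;
}
```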

Compatible and additional computed target framework versions

.NET: net8.0 is compatible. net8.0-android, net8.0-browser, net8.0-ios, net8.0-maccatalyst, net8.0-macos, net8.0-tvos and net8.0-windows were computed.


Version Downloads Last updated
2.0.0 90 2/20/2024
1.0.3 101 1/27/2024
1.0.2 79 1/24/2024
1.0.2-rc0.2 55 1/23/2024