Keycloak.AuthServices

Easy Authentication and Authorization with Keycloak in .NET.

Package	Version	Description
`Keycloak.AuthServices.Authentication`		Keycloak Authentication JWT + OICD
`Keycloak.AuthServices.Authorization`		Authorization Services. Use Keycloak as authorization server
`Keycloak.AuthServices.Sdk`		HTTP API integration with Keycloak
`Keycloak.AuthServices.Sdk.Kiota`		HTTP API integration with Keycloak based on OpenAPI

Documentation

See the docs: https://nikiforovall.github.io/keycloak-authorization-services-dotnet

Getting Started

Install packages:

dotnet add package Keycloak.AuthServices.Authentication
dotnet add package Keycloak.AuthServices.Common

// Program.cs
using Keycloak.AuthServices.Authentication; 

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddKeycloakWebApiAuthentication(builder.Configuration); 
builder.Services.AddAuthorization(); 

var app = builder.Build();

app.UseAuthentication(); 
app.UseAuthorization(); 

app.MapGet("/", () => "Hello World!").RequireAuthorization(); 

app.Run();

In this example, configuration is based on appsettings.json.

//appsettings.json
{
    "Keycloak": {
        "realm": "Test",
        "auth-server-url": "http://localhost:8080/",
        "ssl-required": "none",
        "resource": "test-client",
        "verify-token-audience": false,
        "credentials": {
        "secret": ""
        },
        "confidential-port": 0
    }
}

Example - Add Authorization

With Keycloak.AuthServices.Authorization, you can implement role-based authorization in your application. This package allows you to define policies based on roles. Also, you can use Keycloak as Authorization Server. It is a powerful way to organize and apply authorization polices centrally.

var builder = WebApplication.CreateBuilder(args);

var host = builder.Host;
var configuration = builder.Configuration;
var services = builder.Services;

services.AddKeycloakWebApiAuthentication(configuration);

services.AddAuthorization(options =>
    {
        options.AddPolicy("AdminAndUser", builder =>
        {
            builder
                .RequireRealmRoles("User") // Realm role is fetched from token
                .RequireResourceRoles("Admin"); // Resource/Client role is fetched from token
        });
    })
    .AddKeycloakAuthorization(configuration);

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/hello", () => "[]")
    .RequireAuthorization("AdminAndUser");

app.Run();

Example - Invoke Admin API

var services = new ServiceCollection();
services.AddKeycloakAdminHttpClient(new KeycloakAdminClientOptions
{
    AuthServerUrl = "http://localhost:8080/",
    Realm = "master",
    Resource = "admin-api",
});

var sp = services.BuildServiceProvider();
var client = sp.GetRequiredService<IKeycloakRealmClient>();

var realm = await client.GetRealmAsync("Test");

Build and Development

dotnet cake --target build

dotnet cake --target test

dotnet pack -o ./Artefacts

Name		Name	Last commit message	Last commit date
Latest commit History 108 Commits
.github		.github
.vscode		.vscode
docs		docs
samples		samples
src		src
tests		tests
.editorconfig		.editorconfig
.gitattributes		.gitattributes
.gitignore		.gitignore
KeycloakAuthorizationServicesDotNet.sln		KeycloakAuthorizationServicesDotNet.sln
LICENSE.md		LICENSE.md
Nuget.Config		Nuget.Config
README.md		README.md
build.cake		build.cake
dotnet-tools.json		dotnet-tools.json
global.json		global.json
package-lock.json		package-lock.json
package.json		package.json

License

NikiforovAll/keycloak-authorization-services-dotnet

Folders and files

Latest commit

History

Repository files navigation

Keycloak.AuthServices

Documentation

Getting Started

Example - Add Authorization

Example - Invoke Admin API

Build and Development

About

Topics

Resources

License

Stars

Watchers

Forks

Languages