Keycloak.AuthServices.Common
1.4.1
Prefix Reserved
See the version list below for details.
dotnet add package Keycloak.AuthServices.Common --version 1.4.1
NuGet\Install-Package Keycloak.AuthServices.Common -Version 1.4.1
<PackageReference Include="Keycloak.AuthServices.Common" Version="1.4.1" />
paket add Keycloak.AuthServices.Common --version 1.4.1
#r "nuget: Keycloak.AuthServices.Common, 1.4.1"
// Install Keycloak.AuthServices.Common as a Cake Addin #addin nuget:?package=Keycloak.AuthServices.Common&version=1.4.1 // Install Keycloak.AuthServices.Common as a Cake Tool #tool nuget:?package=Keycloak.AuthServices.Common&version=1.4.1
Keycloak.AuthServices
Easy Authentication and Authorization with Keycloak in .NET and ASP.NET Core.
| Package | Version | Description |
|----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------|
| Keycloak.AuthServices.Authentication
| | Keycloak Authentication JWT + OICD |
| Keycloak.AuthServices.Authorization
| | Authorization Services. Use Keycloak as authorization server |
| Keycloak.AuthServices.Sdk
| | HTTP API integration with Keycloak |
Example
Demonstrates how to add JWT-based authentication and custom authorization policy.
var builder = WebApplication.CreateBuilder(args);
var host = builder.Host;
var configuration = builder.Configuration;
var services = builder.Services;
host.ConfigureKeycloakConfigurationSource();
// conventional registration from keycloak.json
services.AddKeycloakAuthentication(configuration);
services.AddAuthorization(options =>
{
options.AddPolicy("RequireWorkspaces", builder =>
{
builder.RequireProtectedResource("workspaces", "workspaces:read") // HTTP request to Keycloak to check protected resource
.RequireRealmRoles("User") // Realm role is fetched from token
.RequireResourceRoles("Admin"); // Resource/Client role is fetched from token
});
})
.AddKeycloakAuthorization(configuration);
var app = builder.Build();
app.UseAuthentication()
.UseAuthorization();
app.MapGet("/workspaces", () => "[]")
.RequireAuthorization("RequireWorkspaces");
app.Run();
Keycloak.AuthServices.Authentication
Keycloak.AuthServices.Authentication
Add OpenID Connect + JWT Bearer token authentication.
// add configuration from keycloak file
host.ConfigureKeycloakConfigurationSource("keycloak.json");
// add authentication services, OICD JwtBearerDefaults.AuthenticationScheme
services.AddKeycloakAuthentication(configuration, o =>
{
o.RequireHttpsMetadata = false;
});
Client roles are automatically transformed into user role claims KeycloakRolesClaimsTransformation.
See Keycloak.AuthServices.Authentication - README.md
Keycloak installation file:
// confidential client
{
"realm": "<realm>",
"auth-server-url": "http://localhost:8088/auth/",
"ssl-required": "external", // external | none
"resource": "<clientId>",
"verify-token-audience": true,
"credentials": {
"secret": ""
}
}
// public client
{
"realm": "<realm>",
"auth-server-url": "http://localhost:8088/auth/",
"ssl-required": "external",
"resource": "<clientId>",
"public-client": true,
"confidential-port": 0
}
Keycloak.AuthServices.Authorization
Keycloak.AuthServices.Authorization
services.AddAuthorization(authOptions =>
{
authOptions.AddPolicy("<policyName>", policyBuilder =>
{
// configure policies here
});
}).AddKeycloakAuthorization(configuration);
See Keycloak.AuthServices.Authorization - README.md
Keycloak.AuthServices.Sdk
Keycloak API clients.
Service | Description |
---|---|
IKeycloakClient | Unified HTTP client - IKeycloakRealmClient, IKeycloakProtectedResourceClient |
IKeycloakRealmClient | Keycloak realm API |
IKeycloakProtectedResourceClient | Protected resource API |
IKeycloakUserClient | Keycloak user API |
IKeycloakProtectionClient | Authorization server API, used by AddKeycloakAuthorization |
// requires confidential client
services.AddKeycloakAdminHttpClient(keycloakOptions);
// based on token forwarding HttpClient middleware and IHttpContextAccessor
services.AddKeycloakProtectionHttpClient(keycloakOptions);
See Keycloak.AuthServices.Sdk - README.md
Build and Development
dotnet cake --target build
dotnet pack -o ./Artefacts
Blog Posts
Reference
- https://github.com/thinktecture-labs/webinar-keycloak
- https://github.com/thinktecture-labs/webinar-keycloak-authorization
- https://github.com/elmankross/Jboss.AspNetCore.Authentication.Keycloak/
- https://github.com/mikemir/AspNetCore.KeycloakAuthentication/
- https://github.com/lvermeulen/Keycloak.Net
- https://github.com/keycloak/keycloak-documentation/blob/main/authorization_services/topics/service-authorization-uma-authz-process.adoc
- https://www.keycloak.org/docs/latest/authorization_services/index.html
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net6.0
NuGet packages (2)
Showing the top 2 NuGet packages that depend on Keycloak.AuthServices.Common:
Package | Downloads |
---|---|
Keycloak.AuthServices.Sdk
HttpClient integration with Keycloak. Includes HTTP Admin REST API, Protection API. |
|
Keycloak.AuthServices.Sdk.Kiota
Keycloak HTTP Admin API generated by Kiota |
GitHub repositories (1)
Showing the top 1 popular GitHub repositories that depend on Keycloak.AuthServices.Common:
Repository | Stars |
---|---|
NikiforovAll/keycloak-authorization-services-dotnet
Authentication and Authorization with Keycloak and ASP.NET Core 🔐
|
Version | Downloads | Last updated |
---|---|---|
2.5.3 | 24,382 | 8/19/2024 |
2.5.2 | 30,476 | 6/15/2024 |
2.5.1 | 600 | 6/11/2024 |
2.5.0 | 8,700 | 6/2/2024 |
2.4.1 | 6,559 | 5/16/2024 |
2.4.0 | 747 | 5/12/2024 |
2.3.0 | 319 | 5/10/2024 |
2.3.0-pre-1 | 122 | 5/9/2024 |
2.2.1 | 605 | 5/9/2024 |
2.2.0 | 187 | 5/8/2024 |
2.1.0 | 2,623 | 5/7/2024 |
2.0.0 | 585 | 5/5/2024 |
2.0.0-pre-4 | 137 | 5/4/2024 |
2.0.0-pre-3 | 194 | 4/26/2024 |
2.0.0-pre-2 | 130 | 4/25/2024 |
2.0.0-pre-1 | 258 | 4/24/2024 |
1.7.0 | 2,793 | 4/23/2024 |
1.6.0 | 89,765 | 10/25/2023 |
1.5.2 | 71,523 | 5/27/2023 |
1.5.1 | 50,304 | 1/17/2023 |
1.5.0 | 603 | 1/17/2023 |
1.4.1 | 1,013 | 1/12/2023 |
1.4.0 | 501 | 1/4/2023 |
1.3.0 | 1,079 | 12/28/2022 |
1.2.1 | 9,795 | 9/22/2022 |
1.2.0 | 724 | 8/24/2022 |
1.1.0 | 14,808 | 1/30/2022 |
1.0.5 | 141 | 1/29/2022 |
1.0.4 | 3,327 | 1/28/2022 |
1.0.3 | 127 | 1/28/2022 |
1.0.2 | 132 | 1/23/2022 |
1.0.1 | 654 | 1/19/2022 |