Keycloak.Net.Authorization
2.0.0
dotnet add package Keycloak.Net.Authorization --version 2.0.0
NuGet\Install-Package Keycloak.Net.Authorization -Version 2.0.0
<PackageReference Include="Keycloak.Net.Authorization" Version="2.0.0" />
paket add Keycloak.Net.Authorization --version 2.0.0
#r "nuget: Keycloak.Net.Authorization, 2.0.0"
// Install Keycloak.Net.Authorization as a Cake Addin
#addin nuget:?package=Keycloak.Net.Authorization&version=2.0.0
// Install Keycloak.Net.Authorization as a Cake Tool
#tool nuget:?package=Keycloak.Net.Authorization&version=2.0.0
Keycloak .Net Authorization
Authentication and Authorization with Keycloak in .NET and ASP.NET Core. Secure your api with Keycloak UMA authorization and JWT bearer authentication.
Add the Keycloak.Net.Authorization nuget package to your project. It will add also the Keycloak.Net.Authentication package used for token validation and authentication.
Api calls requires auhorization header with an JWT token from Keycloak.
POST https://yourapi/action HTTP/1.1
Auhorization: Bearer JwtTokenContent
How to use
Add to program.cs of your api
Add and configure Keycloak.Net.Authentication services - see README.md
using Keycloak.Net.Authentication;
using Keycloak.Net.Authorization;
new code π
.....
πnew code
builder.Services
// Keycloak.Net.Authentication services
.AddKeyCloakAuthentication()
.AddKeyCloakJwtBearerOptions("appsettings_section_name");
.....
app.UseAuthentication();
app.UseAuthorization();
Add and configure Keycloak.Net.Authorization
Configure using the Action<ClientConfiguration>
builder.Services
// Keycloak.Net.Authentication services
.AddKeyCloakAuthentication()
.AddKeyCloakJwtBearerOptions("appsettings_section_name");
.AddUma(client =>
{
client.ClientId = "client-role";
});
new code π
.....
πnew code
app.UseUma();
app.UseAuthentication();
app.UseAuthorization();
Configure by appsettings.{Environment}.json
builder.Services
// Keycloak.Net.Authentication services
.AddKeyCloakAuthentication()
.AddKeyCloakJwtBearerOptions("Appsettings_Section_Name")
.AddUma("Client_Section_Name);
new code π
.....
πnew code
app.UseUma();
app.UseAuthentication();
app.UseAuthorization();
Add to your appsettings.{Environment}.json
{
"Client_Section_Name": {
"ClientId": "<CLIENT_NAME>"
}
Extra AuthorizationOptions configuration can be added
.AddUma("Client", configure =>
{
configure.AddPolicy("<<policy_name>>", configure =>
{
configure.RequireClaim("<<claim_name>>", "<<claim_value>>");
});
configure.AddPolicy("<<policy_name>>", policy =>
{
policy.RequireUserName("<<username>>");
});
configure.AddPolicy("<<policy_name>>", policy =>
{
policy.RequireAuthenticatedUser();
});
configure.AddPolicy("<<policy_name>>", policy =>
{
policy.RequireRole("<<role_name>>");
});
})
Multitenant client support
builder.Services
// Keycloak.Net.Authentication services
.AddKeyCloakAuthentication()
.AddKeyCloakJwtBearerOptions("Appsettings_Section_Name")
.AddUma();
new code π
.....
πnew code
app.UseUma();
app.UseAuthentication();
app.UseAuthorization();
Add to your endpoints
MinimalAPI
Via custom extension method
app.MapGet("api/example", () =>
Results.Ok())
.RequireUmaAuthorization(resource: "<<resource>>", scope: "<<scope>>");
Via Attribute
app.MapGet("api/example", [Permission(Resource = "<<resource>>", Scope = "<<scope>>")] () =>
Results.Ok());
changings from previous version
Via ASP.NET extension method. The policy string format is: Permission:<<resource>>:<<scope>>
app.MapGet("api/example", () =>
Results.Ok())
.RequireAuthorization("Permission:<<resource>>:<<scope>>");
Multitenant implementation
app.MapGet("api/example", () =>
Results.Ok())
.RequireAuthorization("Permission:<<resource>>:<<scope>>")
.WithClient("<<client name>>);
How it works
The UseUMA
middleware exchange the JWT of the request with a RPT received from Keycloak auth server after validating the realm access permission.
The RPT contains the permission granted by the auth server, and is used to authorize access of the resources.
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net8.0
- Keycloak.Net.Authentication (>= 2.0.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
2.0.0 | 97 | 2/20/2024 |
1.0.3 | 106 | 1/27/2024 |
1.0.2 | 83 | 1/24/2024 |
1.0.2-rc0.2 | 56 | 1/23/2024 |