Xeku.Keycloak.WebApi 0.0.0.7

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package Xeku.Keycloak.WebApi --version 0.0.0.7
                    


                    

                
NuGet\Install-Package Xeku.Keycloak.WebApi -Version 0.0.0.7
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Xeku.Keycloak.WebApi" Version="0.0.0.7" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Xeku.Keycloak.WebApi" Version="0.0.0.7" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Xeku.Keycloak.WebApi" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Xeku.Keycloak.WebApi --version 0.0.0.7
                    


                    

                
#r "nuget: Xeku.Keycloak.WebApi, 0.0.0.7"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Xeku.Keycloak.WebApi@0.0.0.7
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Xeku.Keycloak.WebApi&version=0.0.0.7
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Xeku.Keycloak.WebApi&version=0.0.0.7
                    


                            Install as a Cake Tool

Xeku.Keycloak.WebApi

This module facilitates the integration of Keycloak JWT authentication into DevExpress XAF Web API applications (v22.2+). It supports hybrid authentication, allowing both XAF's native authentication and Keycloak's external authentication to coexist.

Features

  • Hybrid Authentication: Seamlessly supports both XAF native JWT and Keycloak JWT tokens.
  • Smart Routing: Automatically routes authentication requests to the correct scheme based on the Token Issuer using ForwardDefaultSelector.
  • User Mapping: Provides a generic KeycloakAuthenticationProvider to map Keycloak users (via preferred_username) to XAF application users.
  • Easy Configuration: Simple appsettings.json configuration.

Installation

  1. NuGet Package:
dotnet add package Xeku.Keycloak.WebApi
  1. In your Startup.cs or Program.cs:
using Xeku.Keycloak.WebApi;
// ...

public void ConfigureServices(IServiceCollection services)
{
    // ...
    services.AddXafAspNetCoreSecurity(Configuration, options =>
    {
        // ...
    })
    .AddAuthenticationStandard(options =>
    {
        options.IsSupportChangePassword = true;
    })
    // 1. Register Keycloak Authentication Provider (Replace ApplicationUser with your XAF user class)
    .AddAuthenticationProvider<KeycloakAuthenticationProvider<ApplicationUser>>();

    // ...

    // 2. Register Keycloak Web API Services
    services.AddXekuKeycloakWebApi<ApplicationUser>(Configuration);
    // ...
}

Configuration

Add the following section to your appsettings.json:

{
  "Authentication": {
    "Keycloak": {
      "Authority": "http://localhost:8080/realms/your-realm",
      "Audience": "your-client-id",
      "RequireHttpsMetadata": false, // Set to true in production
      "NameClaimType": "preferred_username" // Optional, default is "preferred_username"
    }
  }
}

Important Keycloak Configuration

This module enables Audience Validation (ValidateAudience = true) by default for security. You MUST configure a mapper in Keycloak, otherwise you will encounter 401 Unauthorized errors.

Follow these steps to configure the Audience Mapper:

  1. Log in to the Keycloak Admin Console.
  2. Go to Clients → Select your Client (e.g., xekuweb).
  3. Go to the Client scopes tab.
  4. Click on xekuweb-dedicated (usually named <client-id>-dedicated).
  5. Click Add mapperBy configuration.
  6. Select Audience.
  7. In the configuration page:
    • Name: Enter Audience Mapper (or any name).
    • Included Client Audience: Enter your Client ID (e.g., xekuweb).
    • Add to access token: Toggle On.
  8. Click Save.

After this configuration, the Access Token issued by Keycloak will include your Client ID in the aud claim, allowing validation to pass.

How It Works

  1. Token Validation: The module adds a JWT Bearer handler named "Keycloak".
  2. Request Routing: It intercepts the Authorization header. If the token's Issuer matches the configured Keycloak Authority, the request is forwarded to the "Keycloak" handler. Otherwise, it falls back to the default handler (XAF).
  3. User Resolution: Once validated, the KeycloakAuthenticationProvider extracts the user name (from preferred_username) and searches for a matching ApplicationUser in the XAF database. If found, the user is logged in.

Cache Integration (Optional)

Inject ICacheService into KeycloakAuthenticationProvider for improved user lookup performance:

// Register with caching
services.AddSingleton<IAuthenticationProvider>(sp =>
    new KeycloakAuthenticationProvider<ApplicationUser>(
        sp.GetRequiredService<IHttpContextAccessor>(),
        options,
        sp.GetRequiredService<ILogger<KeycloakAuthenticationProvider<ApplicationUser>>>(),
        sp.GetRequiredService<ICacheService>()  // Optional cache service
    ));
Cache Key TTL Description
keycloak:user:{userName} 5 min User lookup result

Requirements

  • .NET 6.0 or higher (Targeting .NET 8.0)
  • DevExpress XAF 22.2 or higher
  • Xeku.Cache (optional, for caching support)
Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.0.0.7 96 1/28/2026
0.0.0.6 95 1/21/2026
0.0.0.5 94 1/15/2026
0.0.0.4 99 1/13/2026
0.0.0.3 101 1/9/2026
0.0.0.2 109 1/8/2026