Getting Started

Demonstrates how to set up JWT Bearer authentication with Keycloak as the OpenID Connect identity provider.

Keycloak may be used as a fully-compatible OpenID Connect (OIDC) provider.

Register Client

All you need to do is register a Keycloak client.

  1. Create an AuthZ realm

  2. Navigate to the "Clients" section

  3. Create a client named "workspace-authz" and save it

  4. Navigate to the "Installation" tab and download the installation file

  5. Save the file to the root of your project and name it "keycloak.json"

Here is what an installation file might look like:

{
  "realm": "authz",
  "auth-server-url": "http://localhost:8088/auth/",
  "ssl-required": "external",
  "resource": "workspace-authz",
  "public-client": true,
  "confidential-port": 0
}

You can use host.ConfigureKeycloakConfigurationSource() to hook up Keycloak authentication from the installation file. This approach relies on reasonable defaults and some Keycloak conventions. See the AddKeycloakAuthentication definition for more details.

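var builder = WebApplication.CreateBuilder(args);

var host = builder.Host;
var configuration = builder.Configuration;
var services = builder.Services;

// Load keycloak.json and register JWT bearer authentication from it.
host.ConfigureKeycloakConfigurationSource();
services.AddKeycloakAuthentication(configuration);
// Authentication only establishes identity; authorization is what rejects anonymous requests.
services.AddAuthorization();

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// Require a valid bearer token; without this the endpoint stays publicly reachable.
app.MapGet("/workspaces", () => "[]").RequireAuthorization();

app.Run();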
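
To see which token checks the installation file drives, here is an added example (not the library's own code) that wires the same keycloak.json values into the stock ASP.NET Core JwtBearer handler by hand. It assumes the Microsoft.AspNetCore.Authentication.JwtBearer package is referenced, that the issuer is the auth-server-url followed by realms/{realm}, and that the realm is configured to put the client id in the token's "aud" claim; the 30-second clock skew is an illustrative choice.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Load the installation file shown above (keys: realm, auth-server-url, resource).
builder.Configuration.AddJsonFile("keycloak.json", optional: false);
var cfg = builder.Configuration;

// Keycloak serves each realm's issuer and OIDC discovery document under /realms/{realm}.
var authServerUrl = cfg["auth-server-url"]!.TrimEnd('/');
var authority = $"{authServerUrl}/realms/{cfg["realm"]}";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Signing keys are fetched from the realm's discovery document.
        options.Authority = authority;
        // Plain-HTTP metadata is tolerated only for the local development server.
        options.RequireHttpsMetadata = !builder.Environment.IsDevelopment();
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = authority,
            // Assumption: an audience mapper adds "workspace-authz" to "aud".
            ValidateAudience = true,
            ValidAudience = cfg["resource"],
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromSeconds(30), // illustrative value
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// A missing, expired, wrong-issuer or wrong-audience token yields 401.
app.MapGet("/workspaces", () => "[]").RequireAuthorization();

app.Run();
```

If every token is rejected with an audience error, check the "aud" claim of an issued access token against the "resource" value before relaxing ValidateAudience.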

Alternatively, you can skip the installation file and use KeycloakInstallationOptions instead.
