# Getting Started

Keycloak may be used as a fully-compatible OpenID Connect (OIDC) provider. 

### Register Client

All you need to do is to register Keycloak Client.

1. Create AuthZ realm
2. Navigate to "*Clients"* section
3. Create client named "workspace-authz". Save
4. Navigate to "Installation" tab and download installation file
5. Save file to the root of your project and name it "keycloak.json"

![Register workspace-authz client](https://media.githubusercontent.com/media/NikiforovAll/keycloak-authorization-services-dotnet/main/assets/install-keycloak.png)

Here is how an installation file might look like:

```json
{
  "realm": "authz",
  "auth-server-url": "http://localhost:8088/auth/",
  "ssl-required": "external",
  "resource": "workspace-authz",
  "public-client": true,
  "confidential-port": 0
}
```

You can use `host.ConfigureKeycloakConfigurationSource()` to hook up Keycloak Authentication from the installation file. This approach relies on reasonable defaults and some Keycloak conventions. See  [AddKeycloakAuthentication](https://github.com/NikiforovAll/keycloak-authorization-services-dotnet/blob/main/src/Keycloak.AuthServices.Authentication/ServiceCollectionExtensions.cs#L21) definition for more details. 

```csharp
var builder = WebApplication.CreateBuilder(args);

var host = builder.Host;
var configuration = builder.Configuration;
var services = builder.Services;

host.ConfigureKeycloakConfigurationSource();
services.AddKeycloakAuthentication(configuration);

var app = builder.Build();

app.UseAuthentication();

app.MapGet("/workspaces", () => "[]");
    
app.Run();
```

Also, you may want to abandon the idea of using the installation file and use `KeycloakInstallationOptions` instead. 

###