Announcement

May 10th, 2024

Use Keycloak as Identity Provider from Blazor WebAssembly (WASM) applications aspnetcore dotnet auth keycloak

I’m happy to announce the release of Keycloak.AuthServices 2.3.0 packages 🎉. The release includes Protected Resource Builder, Improved Observability including OpenTelemetry support, and more! 🙌

Check out the documentation to see all the cool new features and improvements: https://nikiforovall.github.io/keycloak-authorization-services-dotnet/

Join us on Discord:

Package	Version	Description
`Keycloak.AuthServices.Authentication`		Keycloak Authentication for API and Web Apps
`Keycloak.AuthServices.Authorization`		Authorization Services. Keycloak Authorization Server integration ✨
`Keycloak.AuthServices.Sdk`		HTTP API integration with Admin API and Protection API
`Keycloak.AuthServices.Sdk.Kiota`		HTTP API integration for Admin API based on OpenAPI
`Keycloak.AuthServices.OpenTelemetry`		OpenTelemetry support

Changelog

👷‍♂️ Protected Resource Builder
- Minimal API
- MVC
🎭 Improved Role Claim Transformation
🆕 Added OpenTelemetry support Keycloak.AuthServices.OpenTelemetry
🗒️ Added improved docs - added “Maintenance” section and more!

Protected Resource Builder - Minimal API

Protected Resource Builder approach provides a convenient way to authorize resources, making it easier to manage and maintain authorization rules using Authorization Server. No need to register policies!

var builder = WebApplication.CreateBuilder(args);
var services = builder.Services;

services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddKeycloakWebApi(builder.Configuration);

services
    .AddAuthorization()
    .AddKeycloakAuthorization()
    .AddAuthorizationServer(builder.Configuration);

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();


app.MapGet("/workspaces", () => "Hello World!") 
    .RequireProtectedResource("workspaces", "workspace:read"); 
app.Run();

Protected Resource Builder - MVC

// Program.cs
var builder = WebApplication.CreateBuilder(args);
var services = builder.Services;

services.AddControllers(options => options.AddProtectedResources()); 

services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddKeycloakWebApi(context.Configuration);

services
    .AddAuthorization()
    .AddKeycloakAuthorization()
    .AddAuthorizationServer(context.Configuration);

var app = builder.Build();

app.UseHttpsRedirection();

app.UseAuthorization();

app.MapControllers();

app.Run();

Here is how to use it in Controllers:

[ApiController]
[Route("workspaces")]
[ProtectedResource("workspaces")]
public class WorkspacesController : ControllerBase
{
    [HttpGet]
    [ProtectedResource("workspaces", "workspace:list")]
    public ActionResult<IEnumerable<string>> GetWorkspacesAsync() => this.Ok(Array.Empty<string>());

    [HttpGet("public")]
    [IgnoreProtectedResource]
    public IActionResult GetPublicWorkspaceAsync() => this.Ok(new { Id = "public" });

    [HttpGet("{id}")]
    [ProtectedResource("{id}", "workspace:read")]
    public IActionResult GetWorkspaceAsync(string id) => this.Ok(new { id });

    [HttpDelete("{id}")]
    [ProtectedResource("{id}", "workspace:delete")]
    public IActionResult DeleteWorkspaceAsync(string id) =>
        string.IsNullOrWhiteSpace(id) ? this.BadRequest() : this.NoContent();
}

See: https://nikiforovall.github.io/keycloak-authorization-services-dotnet/authorization/protected-resource-builder.html

Improved Claims Transformation

You can now map both Realm Roles and Client Roles.

See the docs for more details.

OpenTelemetry support

var builder = WebApplication.CreateBuilder(args);
var services = builder.Services;

builder.Logging.AddOpenTelemetry(logging =>
{
    logging.IncludeFormattedMessage = true;
    logging.IncludeScopes = true;
});

services
    .AddOpenTelemetry()
    .WithMetrics(metrics =>
        metrics
            .AddAspNetCoreInstrumentation()
            .AddHttpClientInstrumentation()
            .AddKeycloakAuthServicesInstrumentation() // <-- add this
    )
    .WithTracing(tracing =>
        tracing
            .AddAspNetCoreInstrumentation()
            .AddHttpClientInstrumentation()
            .AddKeycloakAuthServicesInstrumentation() // <-- add this
    )
    .UseOtlpExporter();

See the docs for more details.

Maintenance Documentation

Includes common recipes and troubleshooting guidelines.

See the docs for more details.

Feedback

I’m excited to hear your thoughts and suggestions! Please let me know which aspects of the functionality you’d like me to explore in the next blog post. Leave your recommendations in the comments section below. Your feedback is greatly appreciated! 🙏

Oleksii Nikiforov

Jibber-jabbering about programming and IT.

N+1 Blog

Announcement - Keycloak.AuthServices v2.3.0 is out 🎉!

Using Keycloak in .NET Aspire projects dotnet aspnetcore keycloak

Announcement - Keycloak.AuthServices v2.0.0 is out 🎉! aspnetcore dotnet keycloak auth

Keycloak as Authorization Server in .NET aspnetcore dotnet auth keycloak

Use Keycloak as Identity Provider from Blazor WebAssembly (WASM) applications aspnetcore dotnet auth keycloak

Announcement

Changelog

Protected Resource Builder - Minimal API

Protected Resource Builder - MVC

Improved Claims Transformation

OpenTelemetry support

Maintenance Documentation

Feedback

Oleksii Nikiforov

Announcement - Keycloak.AuthServices v2.3.0 is out 🎉!

Using Keycloak in .NET Aspire projects dotnet aspnetcore keycloak

Announcement - Keycloak.AuthServices v2.0.0 is out 🎉! aspnetcore dotnet keycloak auth

Keycloak as Authorization Server in .NET aspnetcore dotnet auth keycloak

Use Keycloak as Identity Provider from Blazor WebAssembly (WASM) applications aspnetcore dotnet auth keycloak

Announcement

Changelog

Protected Resource Builder - Minimal API

Protected Resource Builder - MVC

Improved Claims Transformation

OpenTelemetry support

Maintenance Documentation

Feedback

Share Post

Oleksii Nikiforov