Quick start for a client REST API using Keycloak.
Package | Version | Description |
---|---|---|
Quick.Keycloack.client | 1.0 | |
```bash
docker run -p 8082:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak start-dev
```

- Create a realm "Test"
- Create a user test
- Set the user password
- Create a client testapi with URL http://localhost:5130 (the Quick.Keycloack.Sample launch settings)
- Configure the client

  In the sample screenshot, replace the URL https://localhost:7217 with http://localhost:5130.
- Create realm role "RealAdmin"
- Map the user to role "RealAdmin"

Note: in this example the REST API is served over HTTP only (not HTTPS).
- Add `builder.AddQuickKeycloakTokenJWT();` to your Program.cs

```csharp
// Program.cs
using System.Security.Claims; // ClaimTypes
using Quick.Keycloak.Client;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
builder.Services.AddAuthorization(options =>
{
    // The "admin" policy requires the Keycloak realm role "RealAdmin" as a role claim.
    options.AddPolicy("admin", policy => policy.RequireClaim(ClaimTypes.Role, "RealAdmin"));
});
builder.Services.AddControllers();
builder.AddQuickKeycloakTokenJWT();

var app = builder.Build();

// Configure the HTTP request pipeline.
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
```
- Edit appsettings.json and add a new section holding the adapter configuration of your Keycloak client, filled in as below

```json
"KeycloackAdatpter": {
  "realm": "test",
  "auth-server-url": "http://localhost:8080/",
  "ssl-required": "external",
  "resource": "testapi",
  "public-client": true,
  "confidential-port": 0
}
```
- Secure the controller with the Authorize attribute

```csharp
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme, Policy = "admin")]
[ApiController]
[Route("[controller]")]
public class WeatherForecastController : ControllerBase
{
    // controller actions
}
```
You can transform the claims as you want using the `Action<ClaimsIdentity> transformClaim` parameter:

```csharp
public static void AddQuickKeycloakTokenJWT(this WebApplicationBuilder builder, Action<ClaimsIdentity> transformClaim = null)
public static void AddQuickKeycloakTokenJWT(this WebApplicationBuilder builder, KeyCloackAdapterOption keyCloackAdapterOption, Action<ClaimsIdentity> transformClaim = null)
```

The `Action<ClaimsIdentity>` parameter can be used to transform the principal's ClaimsIdentity into your custom roles, for example:
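```csharp
// Requires: using Newtonsoft.Json; using System.Security.Claims;
builder.AddQuickKeycloakTokenJWT(identity =>
{
    // Keycloak carries realm roles in the "realm_access" claim as a JSON object.
    var userRoleRealm = identity.FindFirst(c => c.Type == "realm_access");
    if (userRoleRealm != null)
    {
        var realmAccess = JsonConvert.DeserializeObject<RealmAccess>(userRoleRealm.Value);
        if (realmAccess != null)
        {
            // Expose each realm role as a standard role claim so policies can match it.
            foreach (var role in realmAccess.roles)
            {
                identity.AddClaim(new Claim(ClaimTypes.Role, role));
            }
        }
    }
});
```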
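The role mapping described above, as an added example that is not part of Quick.Keycloack.client: it shows the check the "admin" policy performs before and after the `realm_access` claim is expanded, and ignores malformed or unexpected claim content. `RealmRoleMapper` and `MapRealmRoles` are hypothetical names, `System.Text.Json` is used here in place of `JsonConvert`, and the claim value is constructed.

```csharp
using System;
using System.Security.Claims;
using System.Text.Json;

// Hypothetical helper for illustration; not part of Quick.Keycloack.client.
public static class RealmRoleMapper
{
    // Copies each string in realm_access.roles into a ClaimTypes.Role claim; returns how many were added.
    public static int MapRealmRoles(ClaimsIdentity identity)
    {
        var raw = identity.FindFirst("realm_access")?.Value;
        if (string.IsNullOrWhiteSpace(raw)) return 0; // token carries no realm roles
        try
        {
            using var doc = JsonDocument.Parse(raw);
            if (doc.RootElement.ValueKind != JsonValueKind.Object ||
                !doc.RootElement.TryGetProperty("roles", out var roles) ||
                roles.ValueKind != JsonValueKind.Array)
                return 0;

            var added = 0;
            foreach (var role in roles.EnumerateArray())
            {
                if (role.ValueKind != JsonValueKind.String) continue; // skip non-string entries
                var name = role.GetString();
                if (string.IsNullOrEmpty(name) || identity.HasClaim(ClaimTypes.Role, name)) continue;
                identity.AddClaim(new Claim(ClaimTypes.Role, name));
                added++;
            }
            return added;
        }
        catch (JsonException)
        {
            return 0; // malformed claim: add no roles, so role-based policies deny
        }
    }

    public static void Main()
    {
        // Constructed sample of the realm_access claim value from an access token.
        var identity = new ClaimsIdentity(
            new[] { new Claim("realm_access", "{\"roles\":[\"RealAdmin\",\"offline_access\"]}") },
            "Bearer");
        var user = new ClaimsPrincipal(identity);
        Console.WriteLine($"before mapping, has RealAdmin role claim: {user.HasClaim(ClaimTypes.Role, "RealAdmin")}");
        int added = MapRealmRoles(identity);
        Console.WriteLine($"after mapping {added} roles, has RealAdmin role claim: {user.HasClaim(ClaimTypes.Role, "RealAdmin")}");
    }
}
```

Under these assumptions the helper can be passed as the transform: `builder.AddQuickKeycloakTokenJWT(identity => RealmRoleMapper.MapRealmRoles(identity));`.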
See project ApiDemo
```bash
dotnet build --configuration release ./Quick.Keycloack.client.csproj
dotnet pack -o ./Artefacts ./Quick.Keycloack.client.csproj
```