Nedo.AspNet.Authentication.Keycloak 2.0.9

.NET 9.0

dotnet add package Nedo.AspNet.Authentication.Keycloak --version 2.0.9

NuGet\Install-Package Nedo.AspNet.Authentication.Keycloak -Version 2.0.9

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Nedo.AspNet.Authentication.Keycloak" Version="2.0.9" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="Nedo.AspNet.Authentication.Keycloak" Version="2.0.9" />
                    

                            Directory.Packages.props

<PackageReference Include="Nedo.AspNet.Authentication.Keycloak" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add Nedo.AspNet.Authentication.Keycloak --version 2.0.9

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Nedo.AspNet.Authentication.Keycloak, 2.0.9"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package Nedo.AspNet.Authentication.Keycloak@2.0.9

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=Nedo.AspNet.Authentication.Keycloak&version=2.0.9
                    

                            Install as a Cake Addin

#tool nuget:?package=Nedo.AspNet.Authentication.Keycloak&version=2.0.9
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Nedo.AspNet.Authentication.Keycloak

Keycloak as the canonical token issuer (JWT-bearer pattern). Your API trusts Keycloak's JWTs, validates them, and uses the result for authorization. Keycloak's realm_access.roles and resource_access.<client>.roles are auto-mapped to ASP.NET Core's ClaimTypes.Role so [Authorize(Roles = "admin")] just works.

Looking for Keycloak as a sign-in option that mints your own JWTs? That's AddKeycloakSignIn in this same package — see docs/providers/social/keycloak.md. The two patterns coexist.

Install

dotnet add package Nedo.AspNet.Authentication.Keycloak

Quickstart — JWT bearer (resource server)

using Nedo.AspNet.Authentication.Keycloak;

builder.Services.AddKeycloak(opts =>
{
    opts.ServerUrl = "https://keycloak.example.com";
    opts.Realm     = "my-realm";
    opts.Audience  = "my-api";
});

builder.Services.AddAuthorization();
builder.Services.AddHttpContextAccessor();
builder.Services.AddScoped<IAuthContext, AuthContext>();

var app = builder.Build();
app.UseAuthentication();
app.UseNedoAuthContext();
app.UseAuthorization();

app.MapGet("/admin", (IAuthContext auth) => auth.UserId)
   .RequireAuthorization(p => p.RequireRole("admin"));

builder.Services.AddKeycloakSignIn(opts =>
{
    opts.ServerUrl       = "https://keycloak.example.com";
    opts.Realm           = "my-realm";
    opts.ClientId        = "my-spa";
    opts.ClientSecret    = builder.Configuration["Keycloak:Secret"];
    opts.FrontendOrigin  = "https://app.example.com";
});

app.MapKeycloakAuth();   // /auth/keycloak/start, /auth/keycloak/callback (popup + postMessage)

The popup flow exchanges the Keycloak code for a Nedo session via ExternalSignInService — your app issues its own JWTs, with Keycloak link metadata stored in nedo_external_logins. Pair with Nedo.AspNet.Authentication.Local.

Claims auto-mapping

Keycloak claim shape	Mapped to
`realm_access.roles: ["admin", "manager"]`	`ClaimTypes.Role` (one per value)
`resource_access.<client>.roles: ["editor"]`	`ClaimTypes.Role` (one per value)
`preferred_username`	`ClaimTypes.Name`
`email`	`ClaimTypes.Email`

Customize via INedoClaimsTransformer from Nedo.AspNet.Authentication.Claims.

Docs

docs/04-identity-providers.md — JWT-bearer pattern walkthrough.
docs/providers/social/keycloak.md — sign-in flow.
docs/integration-react.md — React + Keycloak end-to-end.

License

MIT — see LICENSE.

Product	Compatible and additional computed target framework versions.
.NET	net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Product

.NET

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net9.0
- Nedo.AspNet.Authentication (>= 2.0.9)
- Nedo.AspNet.Authentication.Claims (>= 2.0.9)
- Nedo.AspNet.Authentication.Local (>= 2.0.9)
- Nedo.AspNet.Authentication.Oidc (>= 2.0.9)

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
2.0.9	100	5/11/2026
2.0.8	95	5/6/2026
2.0.7	79	5/5/2026
2.0.6	83	5/5/2026
2.0.4	84	5/4/2026
2.0.3	87	5/4/2026
2.0.2	88	5/2/2026
2.0.1	92	5/2/2026
2.0.0	84	5/1/2026