Samhammer.Authentication.Abstractions 6.1.2

.NET Standard 2.0
dotnet add package Samhammer.Authentication.Abstractions --version 6.1.2
NuGet\Install-Package Samhammer.Authentication.Abstractions -Version 6.1.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Samhammer.Authentication.Abstractions" Version="6.1.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Samhammer.Authentication.Abstractions --version 6.1.2
#r "nuget: Samhammer.Authentication.Abstractions, 6.1.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Samhammer.Authentication.Abstractions as a Cake Addin
#addin nuget:?package=Samhammer.Authentication.Abstractions&version=6.1.2

// Install Samhammer.Authentication.Abstractions as a Cake Tool
#tool nuget:?package=Samhammer.Authentication.Abstractions&version=6.1.2


This provides a way to secure your api with keycloak jwt bearer authentication.

How to add this to your project:
How to use:

Keycloak JWT Authentication

Add it to your api.

public void ConfigureServices(IServiceCollection services)

public void Configure(IApplicationBuilder app)

Api calls requires auhorization header with an JWT token from keycloak.

POST https://myapi/action HTTP/1.1
Auhorization: Bearer JwtTokenContent

If you pass "IConfiguration" instead of "Action<ApiAuthOptions>" to "AddKeycloak" add the following to appsettings.json:

"ApiAuthOptions": {
    "Issuer": "<<KeycloakTokenIssuerUrl>>",
    "ClientId": "<<ClientIdRepresentingYourApp>>",
    "NameClaim": "<<NameOfClaimWhichShouldBeSetToNameClaim>>"

NameClaim is optional and default value is "preferred_username"

Guest Authentication

Add it to your api.

public void ConfigureServices(IServiceCollection services)

Api calls requires header guestid with an "Version 4 UUID".

POST https://myapi/action HTTP/1.1
guestid: 1c11792b-538f-4908-992d-6570bb268e60

If you pass "IConfiguration" instead of "Action<GuestAuthOptions>" to "AddGuest" you can can override the default settings in appsettings.json:

"GuestAuthOptions": {
    "Enabled": true,
    "Name": "guest-[GuestID]",    
    "Role": "SomeGuestRole",
    "Validator": "[0-9a-fA-F]{8}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{4}\\-[0-9a-fA-F]{12}"

Mixed Authentication

You can also setup both authentication types. In the example below jwt keycloak will be the default.

public void ConfigureServices(IServiceCollection services)

You can setup your supported authentication types on each controller action per attribute.

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme + ", " + GuestAuthenticationDefaults.AuthenticationScheme)]
public async Task<IActionResult> ActionForBoth()

public async Task<IActionResult> ActionForGuests()


The library provides extension methods for authentication client. This library is using Duende.AccessTokenManagement under the hood.


Currently, we have the ClientCredentialsConfigureExtensions class which provides an extension method for ClientCredentialsClient to add a client with options monitor support. Ensure to call extension method AddClientCredentialsTokenManagement of Duende before!

How to use in Program.cs


builder.Services.AddClientCredentialsOptions<ApiAuthOptions>("defaultAuth", (client, authOptions) =>
    client.TokenEndpoint = authOptions.AccessTokenUrl;
    client.ClientId = authOptions.ClientId;
    client.ClientSecret = authOptions.ClientSecret;

    .AddHttpClient<TInterface, TService>())


How to publish a nuget package
  • Create a tag and let the github action do the publishing for you
Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed. 
.NET Core netcoreapp2.0 was computed.  netcoreapp2.1 was computed.  netcoreapp2.2 was computed.  netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.0 is compatible.  netstandard2.1 was computed. 
.NET Framework net461 was computed.  net462 was computed.  net463 was computed.  net47 was computed.  net471 was computed.  net472 was computed.  net48 was computed.  net481 was computed. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen40 was computed.  tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Additional computed target framework(s)
Learn more about Target Frameworks and .NET Standard.
  • .NETStandard 2.0

    • No dependencies.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Samhammer.Authentication.Abstractions:

Package Downloads

Keycloak authentication for .NET Core projects

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
6.1.2 223 4/14/2023
6.1.1 380 4/10/2023
6.1.0 105 4/10/2023
6.0.2 170 3/30/2023
6.0.1 2,992 5/16/2022
6.0.0 4,707 1/20/2022
1.2.2 561 1/12/2022
1.1.0 8,870 6/8/2020