Identity Provider: Keycloak-9.0.0, .NET version: 4.5.2
Basically I am trying to integrate a C# Web API service as shown below.
I have used the Keycloak connector (https://github.com/mattmorg55/Owin.Security.Keycloak) for C#, which is designed as an OWIN authentication middleware component.
With the Keycloak sample I get errors. But I am not sure if the call gets forwarded to Keycloak for validation; instead I get an error.
Startup class:

    public void Configuration(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Bearer"
        });
        app.UseKeycloakAuthentication(new KeycloakAuthenticationOptions
        {
            Realm = "test_keycloak",
            ClientId = "test",
            ClientSecret = "9f25fd55-851f-4eed-9fb9-24a0a0e4ff11",
            KeycloakUrl = "http://localhost:8080/auth",
            AuthenticationType = "Bearer",
            SignInAsAuthenticationType = "Bearer",
            AllowUnsignedTokens = false,
            DisableIssuerSigningKeyValidation = false,
            DisableIssuerValidation = false,
            UseRemoteTokenValidation = true,
            EnableWebApiMode = true,
            DisableAudienceValidation = false,
            Scope = "openid",
        });
    }

I don't see any logs in Keycloak. What could be going wrong? How do I debug?
Since it's a standard OAuth2 flow, will I be able to use Microsoft.Owin.Security.OpenIdConnect for the token validation?
For example, in Java, Spring Security has easy configurations for the same (with jwt-cert -url).
Need your inputs!
I could solve it with Microsoft.Owin.Security.Jwt as well. Here is the code.
Note: I haven't done exception handling. Just basic code.
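
    using System.Net.Http;
    using Microsoft.AspNet.Identity;      // DefaultAuthenticationTypes
    using Microsoft.IdentityModel.Tokens; // TokenValidationParameters, JsonWebKeySet
    using Microsoft.Owin.Security;        // AuthenticationMode
    using Microsoft.Owin.Security.Jwt;    // JwtBearerAuthenticationOptions
    using Newtonsoft.Json;
    using Owin;

    public void Configuration(IAppBuilder app) {
        // Download the realm's public signing keys (JWKS) once at startup.
        HttpClient http = new HttpClient();
        var keysResponse = http.GetAsync("https://<FQDN of keycloak>/auth/realms/<realm>/protocol/openid-connect/certs").Result;
        var rawKeys = keysResponse.Content.ReadAsStringAsync().Result;
        Microsoft.IdentityModel.Tokens.JsonWebKeySet jsonWebKeySet = JsonConvert.DeserializeObject<Microsoft.IdentityModel.Tokens.JsonWebKeySet>(rawKeys);
        app.UseJwtBearerAuthentication(
            new JwtBearerAuthenticationOptions {
                AuthenticationType = DefaultAuthenticationTypes.ExternalBearer,
                AuthenticationMode = AuthenticationMode.Active,
                Realm = "<realm>",
                TokenValidationParameters = new TokenValidationParameters() {
                    AuthenticationType = "Bearer",
                    ValidateIssuer = true,
                    ValidateIssuerSigningKey = true,
                    ValidAudiences = new string[] { "<clientID>" },
                    // Must equal the token's iss claim exactly, scheme included.
                    ValidIssuer = "https://<FQDN of keycloak>/auth/realms/<realm>",
                    ValidateLifetime = true,
                    ValidateAudience = true,
                    // Tokens are verified locally against the downloaded keys.
                    IssuerSigningKeys = jsonWebKeySet.GetSigningKeys(),
                }
            });
    }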
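
To see which of the checks configured above rejects a token, the following added example (not part of the answer's code; `JwtDiagnostics` and `Explain` are hypothetical names) decodes a token without verifying it and compares `kid`, `iss`, `aud` and `exp` with the values given to `TokenValidationParameters`. It assumes Newtonsoft.Json, which the answer already uses, and ignores clock skew and `nbf`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Newtonsoft.Json.Linq;

// Added troubleshooting helper; class and method names are hypothetical.
// It decodes a token WITHOUT verifying the signature, so use it only to
// explain a 401, never to make an authorization decision.
public static class JwtDiagnostics
{
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

    static JObject Decode(string segment)
    {
        // JWT segments are unpadded base64url; convert to padded base64.
        string s = segment.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(s)));
    }

    // One message per mismatch between the token and the configured values.
    public static List<string> Explain(string jwt, string validIssuer,
        string validAudience, ICollection<string> jwksKeyIds, DateTime utcNow)
    {
        var problems = new List<string>();
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) { problems.Add("not a compact JWS (need 3 segments)"); return problems; }
        JObject header = Decode(parts[0]), payload = Decode(parts[1]);

        string kid = (string)header["kid"];
        if (!jwksKeyIds.Contains(kid)) problems.Add("kid '" + kid + "' is not in the JWKS");

        string iss = (string)payload["iss"];
        if (!string.Equals(iss, validIssuer, StringComparison.Ordinal))
            problems.Add("iss '" + iss + "' != ValidIssuer '" + validIssuer + "'");

        JToken aud = payload["aud"];   // a single string or an array of strings
        string[] auds = aud == null ? new string[0]
            : aud.Type == JTokenType.Array ? aud.Values<string>().ToArray()
            : new[] { (string)aud };
        if (!auds.Contains(validAudience))
            problems.Add("aud [" + string.Join(", ", auds) + "] lacks '" + validAudience + "'");

        long? exp = (long?)payload["exp"];
        if (exp == null) problems.Add("no exp claim");
        else if (Epoch.AddSeconds(exp.Value) <= utcNow)
            problems.Add("expired at " + Epoch.AddSeconds(exp.Value).ToString("o"));
        return problems;
    }
}
```

Call it with the raw bearer token from a failing request, the `ValidIssuer` and audience from the options, and `jsonWebKeySet.Keys.Select(k => k.Kid).ToList()` as the key-id list; an empty result means these four checks would pass and the problem lies elsewhere (for example the signature itself).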