Feijuca.Keycloak.MultiTenancy 1.9.1

Suggested Alternatives

Feijuca.Auth

Additional Details

This package is an old version and is no longer maintained.
Please use the Feijuca.Auth package instead.

The owner has unlisted this package. This could mean that the package is deprecated, has security vulnerabilities or shouldn't be used anymore.
dotnet add package Feijuca.Keycloak.MultiTenancy --version 1.9.1                
NuGet\Install-Package Feijuca.Keycloak.MultiTenancy -Version 1.9.1                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Feijuca.Keycloak.MultiTenancy" Version="1.9.1" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Feijuca.Keycloak.MultiTenancy --version 1.9.1                
#r "nuget: Feijuca.Keycloak.MultiTenancy, 1.9.1"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Feijuca.Keycloak.MultiTenancy as a Cake Addin
#addin nuget:?package=Feijuca.Keycloak.MultiTenancy&version=1.9.1

// Install Feijuca.Keycloak.MultiTenancy as a Cake Tool
#tool nuget:?package=Feijuca.Keycloak.MultiTenancy&version=1.9.1                

WIP

MIT License

Built with: .NET 8

Prerequisites:

This project is intended only for applications that target currently supported .NET versions.

Why Feijuca?

Feijuca is a nickname for a famous Brazilian dish called Feijoada. I wanted to use a name representing my country on this project, and Feijuca was chosen.

About the project:

This repository aims to provide a configuration option for .NET projects that are using or planning to use Keycloak for authentication and authorization. The project consists of two distinct parts:

  1. Feijuca.Keycloak.Auth.MultiTenancy
  2. Feijuca.Keycloak.TokenManager

Attention:

The two projects are independent; there is no dependency between them. You do not need one to use the other, and each project has a different purpose.

The sections below describe the purpose of each project.

Feijuca.Keycloak.Auth.MultiTenancy

It is a NuGet package that enables the implementation of multi-tenancy concepts using Keycloak. With this package, each realm acts as a different tenant, allowing for unique configurations for each one. This ensures that each tenant within your application can have its own settings and configurations within Keycloak.

Features

With this package you can:

  • Use all Keycloak features following a multi-tenancy concept based on your realms, so you can handle different configurations based on each tenant (realm).
  • Get information from a token, such as: finding claims, finding out which tenant this token belongs to, which user this token belongs to, and so on. (See more)
  • (If you want to implement a feature to retrieve something else related to the token, open a PR)

Getting Started on Feijuca.Keycloak.Auth.MultiTenancy

  • Prerequisites: It is assumed that you already have your Keycloak instance configured, including the creation of clients with their respective settings (scopes, etc.).

  • Keycloak configuration steps:

      1. Configuring audience: Create a new audience related to the scopes used by your client and include the audience on your client: [image]. This step is important and mandatory because the tool validates the token audience on each request received.
  • Project configuration steps:

      1. appsettings.json: Fill out the appsettings file of your application, listing all of your realms (tenants):

        {
          "AuthSettings": {
            "Realms": [
              {
                "Name": "yourTenantName1",
                "Audience": "your-audience-defined-on-step1",
                "Issuer": "https://url-keycloakt/realms/yourTenantName1"
              },
              {
                "Name": "yourTenantName2",
                "Audience": "your-audience-defined",
                "Issuer": "https://url-keycloakt/realms/yourTenantName2"
              },
              {
                "Name": "yourTenantName3",
                "Audience": "your-audience-defined",
                "Issuer": "https://url-keycloakt/realms/yourTenantName3"
              }
            ],
            "ClientId": "your-client-id",
            "ClientSecret": "your-client-secret",
            "AuthServerUrl": "https://url-keycloak"
          }
        }

      1. Get appsettings values:

        Map the appsettings configuration values. AuthSettings is a model defined in Feijuca.Keycloak.Auth.MultiTenancy; I recommend using the GetSection method to map the appsettings configuration to the AuthSettings model:

        var settings = configuration.GetSection("AuthSettings").Get<AuthSettings>();
        
      1. Add dependency:

        Add the service to your application's service collection. I recommend creating a new extension method, as below:

        using System.IdentityModel.Tokens.Jwt;
        using Microsoft.Extensions.DependencyInjection;
        // Also import the Feijuca.Keycloak.MultiTenancy namespaces that define AuthSettings and AddKeyCloakAuth.

        public static class AuthExtension
        {
            // Registers the services needed for multi-tenant Keycloak authentication.
            public static IServiceCollection AddApiAuthentication(this IServiceCollection services, AuthSettings authSettings)
            {
                services.AddHttpContextAccessor();
                services.AddSingleton<JwtSecurityTokenHandler>();
                services.AddKeyCloakAuth(authSettings!);

                return services;
            }
        }

        Then call it in your Program.cs:

        builder.Services.AddApiAuthentication(applicationSettings.AuthSettings);
      
      1. Conclusion:

        Your configuration should look like this:

        [image]

        With this configuration you should be able to use Keycloak in a multi-tenancy context with .NET.

        Follow this link to understand the logic used to validate the received token.
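
One way to implement the per-realm check described above, as an added example that is not the package's own code: the token's unverified issuer is used only to pick a realm from the configured list, and signature, audience, issuer and lifetime are then validated against that realm alone. It assumes a .NET 8 console project with implicit usings and the System.IdentityModel.Tokens.Jwt package; the Realm record, TenantTokenValidator, realm names, URLs, audiences and keys are all constructed for illustration.

```csharp
// Added example (not Feijuca code). Realm names, URLs, audiences and keys are constructed.
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// In production the signing key comes from the realm's published keys, not a local RSA.Create().
var a = new Realm("tenant-a", "api-a", "https://keycloak.example/realms/tenant-a", new RsaSecurityKey(RSA.Create(2048)));
var b = new Realm("tenant-b", "api-b", "https://keycloak.example/realms/tenant-b", new RsaSecurityKey(RSA.Create(2048)));
var realms = new[] { a, b };

string Mint(Realm signer, string iss, string aud) => new JwtSecurityTokenHandler().WriteToken(
    new JwtSecurityToken(iss, aud, new[] { new Claim("sub", "user-1") },
        expires: DateTime.UtcNow.AddMinutes(5),
        signingCredentials: new SigningCredentials(signer.SigningKey, SecurityAlgorithms.RsaSha256)));

string Try(string jwt)
{
    try { return "accepted for " + TenantTokenValidator.Validate(jwt, realms); }
    catch (SecurityTokenException e) { return "rejected: " + e.GetType().Name; }
}

Console.WriteLine(Try(Mint(a, a.Issuer, a.Audience)));   // well-formed token for tenant-a
Console.WriteLine(Try(Mint(a, a.Issuer, b.Audience)));   // right realm, wrong audience
Console.WriteLine(Try(Mint(b, a.Issuer, a.Audience)));   // claims tenant-a, signed with tenant-b's key
Console.WriteLine(Try(Mint(a, "https://keycloak.example/realms/unknown", a.Audience))); // unlisted issuer

public sealed record Realm(string Name, string Audience, string Issuer, SecurityKey SigningKey);

public static class TenantTokenValidator
{
    // Returns the realm (tenant) name; throws when the token is malformed or fails validation.
    public static string Validate(string jwt, IReadOnlyList<Realm> realms)
    {
        var handler = new JwtSecurityTokenHandler();
        // The unverified "iss" is used only to pick a realm from the configured list (exact match).
        string issuer = handler.ReadJwtToken(jwt).Issuer;
        Realm realm = realms.FirstOrDefault(r => string.Equals(r.Issuer, issuer, StringComparison.Ordinal))
            ?? throw new SecurityTokenInvalidIssuerException("Issuer is not a configured realm.");
        handler.ValidateToken(jwt, new TokenValidationParameters
        {
            ValidateIssuer = true, ValidIssuer = realm.Issuer,
            ValidateAudience = true, ValidAudience = realm.Audience,
            ValidateIssuerSigningKey = true, IssuerSigningKey = realm.SigningKey,
            ValidateLifetime = true, RequireSignedTokens = true,
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
        }, out _);
        return realm.Name;
    }
}
```

Matching the issuer against the configured list, rather than deriving a key location from the token's own claim, keeps an unlisted issuer from ever supplying the keys used to verify its token.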

Feijuca.Keycloak.TokenManager

Managing certain actions in the Keycloak API can be complicated. For example, creating a new user involves several steps: obtaining a token, creating the user, setting attributes, and setting a password. Feijuca.Keycloak.TokenManager aims to simplify these processes and abstract the complexity related to Keycloak API calls.

Feijuca.Keycloak.TokenManager is an API that abstracts, facilitates and simplifies calls to perform actions in Keycloak. Over time, the goal is to encapsulate multiple Keycloak endpoints, making it easier to perform actions that would be more complex using just the Keycloak API.

Features

  • Every action in one place. Forget about calling multiple endpoints to perform user actions in Keycloak. Perform user-related actions (creation, removal, e-mail confirmation, password reset, and so on) through predefined endpoints.
  • Custom endpoints based on your necessities (If you think it could be helpful to the project, open a PR to discuss additional features).

Getting Started - Using Token Manager Api

  • Keycloak configuration steps:
      1. Giving permissions to the realm: To manage users through the Keycloak API, you must grant some permissions on your Keycloak client. You can do this on an existing realm, or you can create a new realm. Follow this link to understand how to provide these permissions.
      1. Once you have created or configured a realm with the permissions for user handling, just change the appsettings values to those of the created or configured realm.
        {
         "Settings": {
           "AuthSettings": {
             "Realms": [
               {
                  "Name": "yourTenantName1",
                  "Audience": "your-audience-defined-on-step1",
                  "Issuer": "https://url-keycloakt/realms/yourTenantName1"
               }
             ],
              "ClientId": "your-client-id",
              "ClientSecret": "your-client-secret",                
              "Resource": "",
              "AuthServerUrl": ""
           }
         }
        }
        

Contributing

This project is in constant evolution, so if you have a suggestion, contact me or open a pull request and we can discuss it.

License

Distributed under the MIT License. See LICENSE.txt for more information.

Contact

LinkedIn

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.