Keycloak.Net.Sdk 1.5.0

dotnet add package Keycloak.Net.Sdk --version 1.5.0
                    

Keycloak.Net.Sdk


A modular .NET SDK for the Keycloak Admin REST API: typed interfaces, built-in retry, auto-attached Bearer tokens, and first-class .NET Aspire support. Targets .NET 8 and .NET 10.


Why this SDK?

Working with the Keycloak Admin API from .NET means writing boilerplate: managing service-account tokens, attaching Authorization headers, handling retries, and wiring everything into the DI container. This SDK takes care of all of that so you can call IUserManagement, IRoleManagement, etc. directly from your services - no plumbing required.

If you're on .NET Aspire, two additional packages wire the SDK automatically from the Aspire connection string with a single AddKeycloakSdk() call.


Packages

| Package | Description |
| --- | --- |
| Keycloak.Net.Sdk | Core SDK: all managers, token handler, retry |
| Keycloak.Net.Sdk.Aspire | Client integration: AddKeycloakSdk() reads Aspire connection string |
| Keycloak.Net.Sdk.Aspire.Hosting | AppHost integration: AddKeycloak() adds Keycloak as a container resource |

Quick Start: Standalone

```bash
dotnet add package Keycloak.Net.Sdk
```

```json
// appsettings.json
"keycloak": {
  "ServerUrl": "https://your-keycloak-host/",
  "RealmName": "your-realm",
  "ClientId": "your-client-id",
  "ClientSecret": "your-client-secret",
  "ClientUuid": "your-client-uuid",
  "AdminUsername": "admin",
  "AdminPassword": "admin-password"
}
```

```csharp
// Program.cs
builder.Services.AddKeycloak(builder.Configuration);
```

```csharp
// Inject anywhere via DI
public class MyService(IUserManagement users, IRoleManagement roles)
{
    public async Task CreateUser()
    {
        var result = await users.SignupAsync(new SignupRequestDto
        {
            Username  = "john.doe",
            Email     = "john@example.com",
            FirstName = "John",
            LastName  = "Doe",
            Password  = "Secret@123"
        });
    }
}
```
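
The quick-start configuration above keeps ClientSecret and AdminPassword in appsettings.json, a file that is usually committed to source control. The following Program.cs is an added example, not code from the SDK or its author: it assumes the SDK binds the keycloak section through IConfiguration (as AddKeycloak(builder.Configuration) suggests), relies on standard .NET configuration layering, and refuses to start outside Development if a credential still comes from an appsettings file. AssertSecretsNotInAppSettings is a hypothetical helper.

```csharp
// Program.cs (added example). The using for the SDK's AddKeycloak extension
// is omitted because the page does not show its namespace.
using Microsoft.Extensions.Configuration.Json;

var builder = WebApplication.CreateBuilder(args);

// Credential-bearing keys from the "keycloak" section shown above.
string[] secretKeys = ["keycloak:ClientSecret", "keycloak:AdminPassword"];

// Outside Development, the effective value must come from an environment
// variable (keycloak__ClientSecret, keycloak__AdminPassword) or another
// secret store, never from an appsettings*.json file.
if (!builder.Environment.IsDevelopment())
{
    AssertSecretsNotInAppSettings(builder.Configuration, secretKeys);
}

builder.Services.AddKeycloak(builder.Configuration);

var app = builder.Build();
app.Run();

static void AssertSecretsNotInAppSettings(IConfigurationRoot config, IEnumerable<string> keys)
{
    foreach (var key in keys)
    {
        // Providers are listed lowest priority first, so the last provider
        // holding the key supplies the value the application actually reads.
        var winner = config.Providers.LastOrDefault(p => p.TryGet(key, out _));

        if (winner is null)
        {
            throw new InvalidOperationException($"Missing required setting '{key}'.");
        }

        // User secrets are also JSON-backed, so match on the file name.
        if (winner is JsonConfigurationProvider json &&
            Path.GetFileName(json.Source.Path ?? string.Empty)
                .StartsWith("appsettings", StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException(
                $"'{key}' is set in {json.Source.Path}; supply it via an environment variable or secret store.");
        }
    }
}
```

In Development, `dotnet user-secrets set "keycloak:ClientSecret" "<value>"` keeps the value out of the repository while leaving the rest of the section in appsettings.json.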

Quick Start: .NET Aspire

```bash
# AppHost project
dotnet add package Keycloak.Net.Sdk.Aspire.Hosting

# API / service project
dotnet add package Keycloak.Net.Sdk.Aspire
```

```csharp
// AppHost/Program.cs
var keycloak = builder.AddKeycloak("keycloak");

builder.AddProject<Projects.MyApi>("api")
       .WithReference(keycloak)
       .WaitFor(keycloak);
```

```csharp
// MyApi/Program.cs - reads ServerUrl from Aspire connection string automatically
builder.AddKeycloakSdk();
```

```json
// MyApi/appsettings.json - only realm-level settings needed
"keycloak": {
  "RealmName": "my-realm",
  "ClientId": "my-client",
  "ClientSecret": "my-secret",
  "ClientUuid": "my-uuid",
  "AdminUsername": "admin",
  "AdminPassword": "admin"
}
```

Or use IGroupManagement to organize users into groups:

Features

  • Authentication: sign up / sign in users, service-account token management
  • User management: get, enable/disable, set password, delete
  • Role management: client roles & realm roles (get, create, assign/remove to users and groups)
  • Client management: get, create, delete clients; enable service accounts
  • Realm management: create realms
  • Group management: create/delete groups, add/remove users
  • Session management: get active sessions, revoke a session, logout all devices
  • Resilience: built-in retry policy via Microsoft.Extensions.Http.Resilience
  • Auto Bearer: DelegatingHandler that attaches tokens transparently
  • Full DI: IHttpClientFactory-based, all interfaces injectable

Available Interfaces

| Interface | Responsibilities |
| --- | --- |
| IUserManagement | Sign up, sign in, get, enable/disable, set password, delete |
| IRoleManagement | Client & realm roles: get, create, assign/remove |
| IClientManagement | Get, create, delete clients; enable service accounts |
| IRealmManagement | Create realms |
| ITokenManagement | Get service-account token, revoke |
| IGroupManagement | Create/delete groups, add/remove users |
| IUserSessionManagement | Get active sessions, revoke, logout all |

Documentation


Running Tests

Unit Tests

Unit tests use a fake HttpMessageHandler; no external dependencies are required.

```bash
# Unit tests - no external dependencies
dotnet test Keycloak.Net.Sdk.UnitTests/Keycloak.Net.Sdk.UnitTests.csproj
```

Integration Tests

Integration tests require Docker (Testcontainers.Keycloak).

```bash
dotnet test Keycloak.Net.Sdk.IntegrationTests/Keycloak.Net.Sdk.IntegrationTests.csproj
```


The fixture automatically handles the full setup sequence:
1. Starts a Keycloak container
2. Creates a dedicated test realm
3. Creates a confidential client with service accounts
4. Grants realm-admin role to the service account
5. Creates a test user, client role, realm role, and group

> The first run pulls the Keycloak Docker image (~500 MB). Subsequent runs reuse the cached image.

All Tests

```bash
dotnet test
```

Project Structure

Keycloak.Net.Sdk/                  # SDK source
├── Athentications/                # TokenProvider, TokenManagement, KeycloakAuthHandler
├── Clients/                       # ClientManagement + DTOs
├── Configurations/                # KeycloakConfiguration
├── Contracts/                     # Shared response types (KeycloakBaseResponse)
├── Extensions/                    # ServiceRegistrations, ExceptionHandler
├── Groups/                        # GroupManagement + DTOs
├── Realms/                        # RealmManagement
├── Roles/                         # RoleManagement + DTOs
├── UserSessions/                  # UserSessionManagement + DTOs
└── Users/                         # UserManagement + DTOs

Keycloak.Net.Sdk.UnitTests/        # Unit tests (Moq, FakeHttpMessageHandler)
Keycloak.Net.Sdk.IntegrationTests/ # Integration tests (Testcontainers.Keycloak)

License

MIT - Copyright © 2024 Milad Rivandi

Questions or feedback: miladrivandi73@gmail.com · Open an issue

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Keycloak.Net.Sdk:

Package Downloads
Keycloak.Net.Sdk.Aspire

.NET Aspire client integration for Keycloak.Net.Sdk — wires the SDK into a dependent project using the Aspire-injected connection string

GitHub repositories

This package is not used by any popular GitHub repositories.

| Version | Downloads | Last Updated | Notes |
| --- | --- | --- | --- |
| 1.5.0 | 44 | 6/20/2026 | |
| 1.4.1 | 114 | 6/8/2026 | |
| 1.3.0 | 96 | 6/3/2026 | |
| 1.2.0 | 100 | 5/29/2026 | |
| 1.1.2 | 105 | 5/28/2026 | |
| 1.1.1 | 282 | 4/21/2025 | 1.1.1 is deprecated because it is no longer maintained and has critical bugs. |
| 1.0.3 | 285 | 4/13/2025 | 1.0.3 is deprecated because it is no longer maintained and has critical bugs. |
| 1.0.1-rc06 | 526 | 3/24/2025 | |
| 1.0.1-rc05 | 515 | 3/24/2025 | |
| 1.0.1-rc04 | 515 | 3/24/2025 | |
| 1.0.1-rc03 | 334 | 3/23/2025 | |
| 1.0.0 | 361 | 3/23/2025 | 1.0.0 is deprecated because it is no longer maintained and has critical bugs. |