Skip to main content

Reference: TideCloak Csharp

A compact reference for the C# SDK.

Packages

  • Microsoft.AspNetCore.Authentication.OpenIdConnect
  • Microsoft.AspNetCore.Authentication.Cookies
  • Microsoft.AspNetCore.Authentication.JwtBearer (for APIs)
  • Microsoft.IdentityModel.Protocols.OpenIdConnect

OpenIdConnectOptions (common)

.AddOpenIdConnect(o => {

  o.Authority = "http://localhost:8080/realms/myrealm";

  o.ClientId = "myclient";

  o.ResponseType = "code"; // Authorization Code flow

  o.SaveTokens = true; // Keep ID/access tokens in auth session

  o.RequireHttpsMetadata = true; // set false only for dev

  o.Scope.Add("openid");

  o.Scope.Add("profile");

  o.GetClaimsFromUserInfoEndpoint = true;



  // Map common claims

  o.ClaimActions.MapJsonKey(System.Security.Claims.ClaimTypes.Name, "preferred_username");

  o.ClaimActions.MapJsonKey(System.Security.Claims.ClaimTypes.Email, "email");



  // Events

  o.Events = new Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents {

    OnTokenValidated = ctx => {

      // post‑processing (e.g., copy roles, set Name)

      return System.Threading.Tasks.Task.CompletedTask;

      }

  };

});

Useful properties

  • Authority - your realm URL
  • ClientId - the client configured in TideCloak
  • ResponseType - usually code
  • SaveTokens - store tokens for later (e.g., call downstream APIs)
  • GetClaimsFromUserInfoEndpoint - fetch extra user info
.AddCookie(options => {

  options.Cookie.Name = ".tide.auth";

  options.SlidingExpiration = True;

});

JWT Bearer (APIs)

.AddJwtBearer("bearer", o => {

  o.Authority = "http://localhost:8080/realms/myrealm";

  o.Audience = "myclient";

  o.RequireHttpsMetadata = true; // prod

});

Authorization policies

builder.Services.AddAuthorization(o => {

  o.AddPolicy("AdminsOnly", p => p.RequireRole("admin"));

  o.AddPolicy("EmailRequired", p => p.RequireClaim("email"));

});

Useful routes (Keycloak/TideCloak)

  • Registration: /realms/{realm}/protocol/openid-connect/registrations
  • Account: /realms/{realm}/account
  • Discovery: /.well-known/openid-configuration (contains endpoints and jwks_uri)