Reference: TideCloak Csharp
A compact reference for the C# SDK.
Packages
Microsoft.AspNetCore.Authentication.OpenIdConnect
Microsoft.AspNetCore.Authentication.Cookies
Microsoft.AspNetCore.Authentication.JwtBearer (for APIs)
Microsoft.IdentityModel.Protocols.OpenIdConnect
OpenIdConnectOptions (common)
.AddOpenIdConnect(o =>
{
    o.Authority = "http://localhost:8080/realms/myrealm";
    o.ClientId = "myclient";
    o.ResponseType = "code"; // Authorization Code flow
    o.SaveTokens = true; // Keep ID/access tokens in auth session
    // Keep true in production. The http://localhost authority above is only
    // accepted when this is false, which is for dev only.
    o.RequireHttpsMetadata = true;
    o.Scope.Add("openid");
    o.Scope.Add("profile");
    o.GetClaimsFromUserInfoEndpoint = true;
    // Map common claims
    o.ClaimActions.MapJsonKey(System.Security.Claims.ClaimTypes.Name, "preferred_username");
    o.ClaimActions.MapJsonKey(System.Security.Claims.ClaimTypes.Email, "email");
    // Events
    o.Events = new Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents
    {
        OnTokenValidated = ctx =>
        {
            // post-processing (e.g., copy roles, set Name)
            return System.Threading.Tasks.Task.CompletedTask;
        }
    };
});
Useful properties
- Authority: your realm URL
- ClientId: the client configured in TideCloak
- ResponseType: usually code
- SaveTokens: store tokens for later (e.g., call downstream APIs)
- GetClaimsFromUserInfoEndpoint: fetch extra user info
Cookie authentication
.AddCookie(options =>
{
    options.Cookie.Name = ".tide.auth";
    options.SlidingExpiration = true;
});
JWT Bearer (APIs)
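.AddJwtBearer("bearer", o =>
{
    o.Authority = "http://localhost:8080/realms/myrealm";
    o.Audience = "myclient";
    // Keep true in production. The http://localhost authority above is only
    // accepted when this is false, which is for dev only.
    o.RequireHttpsMetadata = true;
});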
Authorization policies
builder.Services.AddAuthorization(o =>
{
    o.AddPolicy("AdminsOnly", p => p.RequireRole("admin"));
    o.AddPolicy("EmailRequired", p => p.RequireClaim("email"));
});
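RequireRole("admin") only matches claims of the identity's role claim type, so the "copy roles" step in OnTokenValidated has to produce them. The following is an added example for the JwtBearer scheme, not TideCloak's own code; it assumes the token carries Keycloak's standard realm_access.roles claim, and RealmRoleMapper, AddRealmRoles and MapRealmRoles are hypothetical names:

```csharp
using System.Security.Claims;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;

public static class RealmRoleMapper
{
    // Assumption: the validated token carries Keycloak's realm role claim,
    //   "realm_access": { "roles": ["admin", "user"] }
    // surfaced by the JWT handler as one claim whose value is JSON text.
    public static int AddRealmRoles(ClaimsPrincipal principal)
    {
        if (principal?.Identity is not ClaimsIdentity identity) return 0;
        var raw = identity.FindFirst("realm_access")?.Value;
        if (string.IsNullOrEmpty(raw)) return 0;
        var added = 0;
        try
        {
            using var doc = JsonDocument.Parse(raw);
            var root = doc.RootElement;
            if (root.ValueKind != JsonValueKind.Object ||
                !root.TryGetProperty("roles", out var roles) ||
                roles.ValueKind != JsonValueKind.Array) return 0;
            foreach (var item in roles.EnumerateArray())
            {
                var role = item.ValueKind == JsonValueKind.String ? item.GetString() : null;
                if (string.IsNullOrWhiteSpace(role)) continue;
                // Use the identity's own role claim type so RequireRole sees it.
                if (identity.HasClaim(identity.RoleClaimType, role)) continue;
                identity.AddClaim(new Claim(identity.RoleClaimType, role));
                added++;
            }
        }
        catch (JsonException)
        {
            // Malformed claim: add nothing, so role policies fail closed.
        }
        return added;
    }

    // Hypothetical helper: call o.MapRealmRoles() inside AddJwtBearer.
    public static void MapRealmRoles(this JwtBearerOptions o)
    {
        o.Events = new JwtBearerEvents
        {
            OnTokenValidated = ctx => { AddRealmRoles(ctx.Principal); return Task.CompletedTask; }
        };
    }
}
```

OnTokenValidated runs only after the handler has checked signature, issuer and audience, so the roles are never read from an unverified token.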
Useful routes (Keycloak/TideCloak)
- Registration: /realms/{realm}/protocol/openid-connect/registrations
- Account: /realms/{realm}/account
- Discovery: /.well-known/openid-configuration (contains endpoints and jwks_uri)