Skip to content

GalaxyEClinical/BlazorKeycloak

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

278 Commits
.bk-temp
.bk-temp
 
 
.config
.config
 
 
.github/workflows
.github/workflows
 
 
BlazorKeycloak.AppHost
BlazorKeycloak.AppHost
 
 
BlazorKeycloak.Manager
BlazorKeycloak.Manager
 
 
BlazorKeycloak.ServiceDefaults
BlazorKeycloak.ServiceDefaults
 
 
StartKeycloak.Tool
StartKeycloak.Tool
 
 
TestHarnessCli
TestHarnessCli
 
 
Troubleshooting.Tests
Troubleshooting.Tests
 
 
Web.Api
Web.Api
 
 
Web
Web
 
 
coverage/report
coverage/report
 
 
docs
docs
 
 
dpkeys
dpkeys
 
 
scripts
scripts
 
 
tests
tests
 
 
tools
tools
 
 
-File
-File
 
 
-Pattern
-Pattern
 
 
.editorconfig
.editorconfig
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
10-Tests-Guide.md
10-Tests-Guide.md
 
 
BlazorKeycloak.sln
BlazorKeycloak.sln
 
 
Convert-Wiki-To-PDF.ps1
Convert-Wiki-To-PDF.ps1
 
 
Directory.Build.Props
Directory.Build.Props
 
 
Docker-Compose.Keycloak.yml
Docker-Compose.Keycloak.yml
 
 
Docker-Compose.yml
Docker-Compose.yml
 
 
Generate-Localhost-Cert.ps1
Generate-Localhost-Cert.ps1
 
 
Launch-Keycloak-Env.ps1
Launch-Keycloak-Env.ps1
 
 
ListKeycloakRoles.csx
ListKeycloakRoles.csx
 
 
Open-PlaywrightTrace.ps1
Open-PlaywrightTrace.ps1
 
 
Publish-WikiChanges.ps1
Publish-WikiChanges.ps1
 
 
README.md
README.md
 
 
check-client-secret.ps1
check-client-secret.ps1
 
 
check-prerequisites.csx
check-prerequisites.csx
 
 
kc-set-postlogout.csx
kc-set-postlogout.csx
 
 
kc-show-client.ps1
kc-show-client.ps1
 
 
localmachine-selftest.csx
localmachine-selftest.csx
 
 
mkcert-setup.csx
mkcert-setup.csx
 
 
openssl-localhost.cnf
openssl-localhost.cnf
 
 
prune-playwright-artifacts.ps1
prune-playwright-artifacts.ps1
 
 
repair-keycloakclient.ps1
repair-keycloakclient.ps1
 
 
rewrite-create-signed-structural.csx
rewrite-create-signed-structural.csx
 
 
rewrite-create-signed-targeted.csx
rewrite-create-signed-targeted.csx
 
 
rewrite-create-signed.ps1
rewrite-create-signed.ps1
 
 
rotate-client-secret.ps1
rotate-client-secret.ps1
 
 
run-keycloak-roles.cmd
run-keycloak-roles.cmd
 
 
run-setup-and-inspect.csx
run-setup-and-inspect.csx
 
 
sans.cnf
sans.cnf
 
 
set-bch.csx
set-bch.csx
 
 
setup-blazorKeycloak.csx
setup-blazorKeycloak.csx
 
 
setup-keycloak-inspector.csx
setup-keycloak-inspector.csx
 
 
show-aspire-ports.csx
show-aspire-ports.csx
 
 
show-aspire-ports.ps1
show-aspire-ports.ps1
 
 
show-client.cmd
show-client.cmd
 
 
show-client.csx
show-client.csx
 
 
show-e2e-fixture-env.ps1
show-e2e-fixture-env.ps1
 
 
show-front-channel.csx
show-front-channel.csx
 
 
show-latest-test.ps1
show-latest-test.ps1
 
 
show-latest-trace.ps1
show-latest-trace.ps1
 
 
shutdown-keycloak-env.ps1
shutdown-keycloak-env.ps1
 
 
stop-keycloak.csx
stop-keycloak.csx
 
 
test-coverage.ps1
test-coverage.ps1
 
 

Repository files navigation

License: MIT .NET 9 Keycloak 26+ PRs Welcome Made With C#

BlazorKeycloak

Blazor Server + Keycloak 26+ with PKCE, secure API access, automated setup, and full end-to-end validation — designed for Confidence Through Testing.

What BlazorKeycloak Is

BlazorKeycloak is a:

  • Self-provisioning development environment
  • Complete learning platform for modern identity
  • Fully tested authentication and authorization system

Built with Blazor Server and Keycloak 26+, it is designed so identity behavior is provable, not assumed.

If you want a system where:

  • Identity always works
  • TLS is correctly configured
  • Keycloak boots deterministically
  • PKCE is validated, not guessed
  • API access is secure and testable
  • Your environment is reproducible

BlazorKeycloak is designed for you.

What You’ll Learn

By working with BlazorKeycloak, you will learn how to:

  • Authenticate Blazor Server using OIDC Authorization Code Flow + PKCE
  • Secure Web APIs with audience-limited access tokens
  • Configure Keycloak programmatically: realms, users, roles, clients, and mappers
  • Generate and trust mkcert HTTPS certificates for local development
  • Use deterministic tooling as a source of truth
  • Inspect tokens, claims, audiences, and system health via diagnostics
  • Understand identity flows through diagrams tied directly to runtime behavior
  • Run and interpret a comprehensive end-to-end test suite validating: login, PKCE, API access, logout, and diagnostics

Identity is taught by running real infrastructure and proving correctness with tests.

📄 White Paper

BlazorKeycloak includes a comprehensive White Paper that explains the architecture, security model, and design philosophy behind the project.

It describes why the system is structured the way it is — not just how to run it.

If you want to understand how deterministic setup, PKCE, Keycloak bootstrapping, and end-to-end validation fit together as a coherent system, start here.

Explore BlazorKeycloak

BlazorKeycloak supports multiple audiences — from developers new to Keycloak to those already familiar with OIDC and identity systems.

01 Project Overview

02 Keycloak Concepts and Security

03 Getting Started

04 Development and Integration

Quick Start (Recommended)

BlazorKeycloak provides two complementary setup guides:

👉 Fast path

07 Setup – Quick Start
https://github.com/GalaxyEClinical/BlazorKeycloak/wiki/07-Setup-Quick-Start

A short, opinionated guide that gets you from zero → running BlazorKeycloak using the recommended everyday development workflow.

👉 Authoritative setup

08 Setup Instructions
https://github.com/GalaxyEClinical/BlazorKeycloak/wiki/08-Setup-Instructions

The single source of truth for fully automated, reproducible setup.
This guide:

  • Verifies machine prerequisites
  • Generates trusted HTTPS certificates using mkcert
  • Boots and provisions Keycloak 26+
  • Creates realms, users, roles, and clients
  • Installs Playwright browsers
  • Runs 70+ unit, integration, API, and end-to-end tests

After setup completes successfully, your environment is ready for development.

Why This Project Exists

Modern identity systems are difficult:

  • OIDC has a steep learning curve
  • PKCE behavior varies across implementations
  • TLS setup differs by OS
  • Redirect URIs fail silently
  • Audience mapping is non-obvious
  • Identity provider configuration is fragile
  • Documentation drifts from reality

BlazorKeycloak addresses this by:

  • Automating configuration
  • Enforcing secure defaults
  • Validating behavior with tests
  • Providing diagnostics instead of guesswork
  • Making identity workflows deterministic

You don’t hope identity works — you prove it.

Summary

BlazorKeycloak is a self-validated identity platform for Blazor Server.

Automated setup, deterministic tooling, extensive tests, and a structured wiki combine to deliver:

Confidence Through Testing

About

Deterministic Blazor Server + Keycloak reference architecture with PKCE, secure APIs, automated setup, and end-to-end validation.

github.com/GalaxyEClinical/BlazorKeycloak/wiki

Topics

docker security oauth2 csharp keycloak authentication dotnet authorization oidc pkce blazor playwright

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 2

BlazorKeycloak v1.0.2 Latest
Jan 10, 2026
+ 1 release

Packages

 
 
 

Contributors

Languages