I love the fact that you can run Keycloak locally and have an easy developer experience where you have full access to your identity provider and can go crazy!

With Azure Active Directory and all its equals you usually have to create your own instance in the cloud, and costs will be incurred.

However, most of the documentation and samples I find are geared towards Java frameworks which is not very helpful to me.

ASP.Net has built-in support for JWT bearer authentication aaaand...

Because Keycloak implements the OAuth2 standard - no issue 😂!
We just have to configure the middleware a bit differently.

using Microsoft.AspNetCore.Authentication.JwtBearer;

// Register JWT bearer authentication and point it at the Keycloak realm.
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, o =>
    {
        // OpenID Connect discovery document: issuer, signing keys (JWKS URI) and endpoints.
        o.MetadataAddress = "https://<your-keycloak-server>/realms/<your-realm>/.well-known/openid-configuration";
        // Expected "iss" claim of the access tokens.
        o.Authority = "https://<your-keycloak-server>/realms/<your-realm>";
        // Expected "aud" claim; Keycloak access tokens carry "account" by default.
        o.Audience = "account";
    });

The important bit is MetadataAddress - this is the OpenID Connect discovery document from which the middleware retrieves all the configuration it needs to validate access tokens, in particular the issuer and the signing keys.
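As an added example (not code from the original post), here is a complete minimal-API Program.cs that wires the same settings into explicit TokenValidationParameters and protects one endpoint. The server URL and realm are placeholders, and a reference to the Microsoft.AspNetCore.Authentication.JwtBearer package is assumed.

```csharp
// Added example, not from the original post: ASP.NET Core minimal API validating Keycloak tokens.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Placeholders: replace with your Keycloak host and realm.
var keycloakBase = "https://<your-keycloak-server>";
var realm = "<your-realm>";
var authority = $"{keycloakBase}/realms/{realm}";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, o =>
    {
        o.Authority = authority;
        o.MetadataAddress = $"{authority}/.well-known/openid-configuration";
        o.Audience = "account";
        // Allow plain-HTTP discovery only against a local development instance.
        o.RequireHttpsMetadata = !builder.Environment.IsDevelopment();
        o.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = authority,            // must equal the "iss" claim Keycloak issues
            ValidateAudience = true,            // "aud" must contain "account" (see o.Audience)
            ValidateLifetime = true,            // reject expired / not-yet-valid tokens
            ClockSkew = TimeSpan.FromSeconds(30),
            ValidateIssuerSigningKey = true,    // keys come from the jwks_uri in the discovery document
            NameClaimType = "preferred_username",
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Anonymous health check, plus a protected endpoint that echoes the validated identity.
app.MapGet("/health", () => Results.Ok("ok"));
app.MapGet("/me", (ClaimsPrincipal user) => Results.Ok(new { name = user.Identity?.Name }))
   .RequireAuthorization();

app.Run();
```

Call /me with a Keycloak-issued bearer token; a missing, expired or wrongly-scoped token yields 401 from the middleware before the handler runs.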

Summary

This was short and hopefully sweet - it's easy to use any OAuth2 provider with ASP.Net Web APIs; you just have to point it in the right direction.

And to be honest, this is mostly as a reminder to myself how to set this up since I am so used to other providers.