DEV Community: Horatiu The latest articles on DEV Community by Horatiu (@horatz). https://dev.to/horatz https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2442419%2Faedaad29-402f-4aba-a7b9-8d33a1d85600.jpg DEV Community: Horatiu https://dev.to/horatz en Asp.Net Core and Keycloak testcontainer. Testing a secure Asp.Net Core Api using Keycloak Testcontainer Horatiu Sat, 16 Nov 2024 17:56:26 +0000 https://dev.to/horatz/aspnet-core-and-keycloak-testcontainer-testing-a-secure-aspnet-core-api-using-keycloak-46jl https://dev.to/horatz/aspnet-core-and-keycloak-testcontainer-testing-a-secure-aspnet-core-api-using-keycloak-46jl <h2> Asp.Net Core and Keycloak testcontainer </h2> <p>Testing a secure Asp.Net Core Api using Keycloak Testcontainer</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Fa667c882-fd82-4c4d-be92-dbe12bf8f5cb" class="article-body-image-wrapper"><img alt="logo" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Fa667c882-fd82-4c4d-be92-dbe12bf8f5cb" width="800" height="282"></a></p> <h2> Solution and Projects setup </h2> <p>Create a new solution.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">dotnet</span><span class="w"> </span><span class="nx">new</span><span class="w"> </span><span class="nx">sln</span><span class="w"> </span><span class="nt">-n</span><span class="w"> </span><span class="nx">KeycloakTestcontainer</span><span class="w"> </span></code></pre> </div> <p>Create and add a MinimalApi project to the solution.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">dotnet</span><span class="w"> </span><span class="nx">new</span><span class="w"> </span><span class="nx">webapi</span><span class="w"> </span><span class="nt">-n</span><span class="w"> </span><span class="nx">KeycloakTestcontainer.Api</span><span class="w"> </span><span class="n">dotnet</span><span class="w"> </span><span class="nx">sln</span><span class="w"> </span><span class="nx">add</span><span class="w"> </span><span class="o">.</span><span class="nx">/KeycloakTestcontainer.Api</span><span class="w"> </span></code></pre> </div> <p>Add package Microsoft.AspNetCore.Authentication.JwtBearer for token validation. Change the version as required.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">dotnet</span><span class="w"> </span><span class="nx">add</span><span class="w"> </span><span class="nx">package</span><span class="w"> </span><span class="nx">Microsoft.AspNetCore.Authentication.JwtBearer</span><span class="w"> </span><span class="nt">--version</span><span class="w"> </span><span class="nx">x.x.x</span><span class="w"> </span></code></pre> </div> <p>Create and add a xUnit test project to the solution.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">dotnet</span><span class="w"> </span><span class="nx">new</span><span class="w"> </span><span class="nx">xunit</span><span class="w"> </span><span class="nt">-n</span><span class="w"> </span><span class="nx">KeycloakTestcontainer.Test</span><span class="w"> </span><span class="n">dotnet</span><span class="w"> </span><span class="nx">sln</span><span class="w"> </span><span class="nx">add</span><span class="w"> </span><span class="o">.</span><span class="nx">/KeycloakTestcontainer.Test</span><span class="w"> </span></code></pre> </div> <p>Add reference to KeycloakTestcontainer.Api project.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">dotnet</span><span class="w"> </span><span class="nx">add</span><span class="w"> </span><span class="nx">reference</span><span class="w"> </span><span class="o">..</span><span class="nx">/KeycloakTestcontainer.Api</span><span class="w"> </span></code></pre> </div> <p>Add package Testcontainers.Keycloak. Change the version as required.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">dotnet</span><span class="w"> </span><span class="nx">add</span><span class="w"> </span><span class="nx">package</span><span class="w"> </span><span class="nx">Testcontainers.Keycloak</span><span class="w"> </span><span class="nt">--version</span><span class="w"> </span><span class="nx">x.x.x</span><span class="w"> </span></code></pre> </div> <p>Add package Microsoft.AspNetCore.Mvc.Testing. It will spin up an in memory web api for testing. Change the version as required.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">dotnet</span><span class="w"> </span><span class="nx">add</span><span class="w"> </span><span class="nx">package</span><span class="w"> </span><span class="nx">Microsoft.AspNetCore.Mvc.Testing</span><span class="w"> </span><span class="nt">--version</span><span class="w"> </span><span class="nx">x.x.x</span><span class="w"> </span></code></pre> </div> <p>Add package dotnet add package FluentAssertions. Change the version as required.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">dotnet</span><span class="w"> </span><span class="nx">add</span><span class="w"> </span><span class="nx">package</span><span class="w"> </span><span class="nx">FluentAssertions</span><span class="w"> </span><span class="nt">--version</span><span class="w"> </span><span class="nx">x.x.x</span><span class="w"> </span></code></pre> </div> <h3> API project setup </h3> <p>Add Authentication and Authorization to program.cs<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">builder</span> <span class="p">=</span> <span class="n">WebApplication</span><span class="p">.</span><span class="nf">CreateBuilder</span><span class="p">(</span><span class="n">args</span><span class="p">);</span> <span class="err">👇</span> <span class="c1">// the realm and the client configured in the Keycloak server</span> <span class="kt">var</span> <span class="n">realm</span> <span class="p">=</span> <span class="s">"myrealm"</span><span class="p">;</span> <span class="kt">var</span> <span class="n">client</span> <span class="p">=</span> <span class="s">"myclient"</span><span class="p">;</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddAuthentication</span><span class="p">()</span> <span class="p">.</span><span class="nf">AddJwtBearer</span><span class="p">(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">options</span><span class="p">.</span><span class="n">Authority</span> <span class="p">=</span> <span class="s">$"https://localhost:8443/realms/</span><span class="p">{</span><span class="n">realm</span><span class="p">}</span><span class="s">"</span><span class="p">;</span> <span class="n">options</span><span class="p">.</span><span class="n">Audience</span> <span class="p">=</span> <span class="s">$"</span><span class="p">{</span><span class="n">client</span><span class="p">}</span><span class="s">"</span><span class="p">;</span> <span class="p">});</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddAuthorization</span><span class="p">();</span> <span class="err">👆</span> <span class="kt">var</span> <span class="n">app</span> <span class="p">=</span> <span class="n">builder</span><span class="p">.</span><span class="nf">Build</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="n">app</span><span class="p">.</span><span class="n">Environment</span><span class="p">.</span><span class="nf">IsDevelopment</span><span class="p">())</span> <span class="p">{</span> <span class="p">}</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseHttpsRedirection</span><span class="p">();</span> <span class="err">👇</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseAuthentication</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseAuthorization</span><span class="p">();</span> <span class="err">👆</span> <span class="n">app</span><span class="p">.</span><span class="nf">Run</span><span class="p">();</span> </code></pre> </div> <p>Add the secure endpoint.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">builder</span> <span class="p">=</span> <span class="n">WebApplication</span><span class="p">.</span><span class="nf">CreateBuilder</span><span class="p">(</span><span class="n">args</span><span class="p">);</span> <span class="c1">// the realm and the client configured in the Keycloak server</span> <span class="kt">var</span> <span class="n">realm</span> <span class="p">=</span> <span class="s">"myrealm"</span><span class="p">;</span> <span class="kt">var</span> <span class="n">client</span> <span class="p">=</span> <span class="s">"myclient"</span><span class="p">;</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddAuthentication</span><span class="p">()</span> <span class="p">.</span><span class="nf">AddJwtBearer</span><span class="p">(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">options</span><span class="p">.</span><span class="n">Authority</span> <span class="p">=</span> <span class="s">$"https://localhost:8443/realms/</span><span class="p">{</span><span class="n">realm</span><span class="p">}</span><span class="s">"</span><span class="p">;</span> <span class="n">options</span><span class="p">.</span><span class="n">Audience</span> <span class="p">=</span> <span class="s">$"</span><span class="p">{</span><span class="n">client</span><span class="p">}</span><span class="s">"</span><span class="p">;</span> <span class="p">});</span> <span class="n">builder</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="nf">AddAuthorization</span><span class="p">();</span> <span class="kt">var</span> <span class="n">app</span> <span class="p">=</span> <span class="n">builder</span><span class="p">.</span><span class="nf">Build</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="n">app</span><span class="p">.</span><span class="n">Environment</span><span class="p">.</span><span class="nf">IsDevelopment</span><span class="p">())</span> <span class="p">{</span> <span class="p">}</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseHttpsRedirection</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseAuthentication</span><span class="p">();</span> <span class="n">app</span><span class="p">.</span><span class="nf">UseAuthorization</span><span class="p">();</span> <span class="err">👇</span> <span class="n">app</span><span class="p">.</span><span class="nf">MapGet</span><span class="p">(</span><span class="s">"api/authenticate"</span><span class="p">,</span> <span class="p">()</span> <span class="p">=&gt;</span> <span class="n">Results</span><span class="p">.</span><span class="nf">Ok</span><span class="p">(</span><span class="s">$"</span><span class="p">{</span><span class="n">System</span><span class="p">.</span><span class="n">Net</span><span class="p">.</span><span class="n">HttpStatusCode</span><span class="p">.</span><span class="n">OK</span><span class="p">}</span><span class="s"> authenticated"</span><span class="p">))</span> <span class="p">.</span><span class="nf">RequireAuthorization</span><span class="p">();</span> <span class="err">👆</span> <span class="n">app</span><span class="p">.</span><span class="nf">Run</span><span class="p">();</span> </code></pre> </div> <p>Add <code>IApiMarker.cs</code> interface to the root of KeycloakTestcontainer.Api project.</p> <p>It will be used as entry point of the <code>WebApplicationFactory&lt;IApiMarker&gt;</code></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Ff81e22f5-07af-42ff-a9a8-2ee04629f416" class="article-body-image-wrapper"><img alt="iapimarker" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Ff81e22f5-07af-42ff-a9a8-2ee04629f416" width="463" height="379"></a></p> <h3> Test project setup </h3> <p>Add <code>ApiFactoryFixture.cs</code> class to the KeycloakTestcontainer.Test project.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F106d1875-22bd-4b58-9495-0c5118b58ac0" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F106d1875-22bd-4b58-9495-0c5118b58ac0" width="409" height="442"></a></p> <p>Add the following code to ApiFactoryFixture<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="nn">DotNet.Testcontainers.Builders</span><span class="p">;</span> <span class="k">using</span> <span class="nn">KeycloakTestcontainer.Api</span><span class="p">;</span> <span class="k">using</span> <span class="nn">Microsoft.AspNetCore.Mvc.Testing</span><span class="p">;</span> <span class="k">using</span> <span class="nn">Testcontainers.Keycloak</span><span class="p">;</span> <span class="k">namespace</span> <span class="nn">KeycloakTestcontainer.Test</span><span class="p">;</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">ApiFactoryFixture</span> <span class="p">:</span> <span class="n">WebApplicationFactory</span><span class="p">&lt;</span><span class="n">IApiMarker</span><span class="p">&gt;,</span> <span class="n">IAsyncLifetime</span> <span class="p">{</span> <span class="k">public</span> <span class="kt">string</span><span class="p">?</span> <span class="n">BaseAddress</span> <span class="p">{</span> <span class="k">get</span><span class="p">;</span> <span class="k">set</span><span class="p">;</span> <span class="p">}</span> <span class="p">=</span> <span class="s">"https://localhost:8443"</span><span class="p">;</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">KeycloakContainer</span> <span class="n">_container</span> <span class="p">=</span> <span class="k">new</span> <span class="nf">KeycloakBuilder</span><span class="p">()</span> <span class="p">.</span><span class="nf">WithImage</span><span class="p">(</span><span class="s">"keycloak/keycloak:26.0"</span><span class="p">)</span> <span class="p">.</span><span class="nf">WithPortBinding</span><span class="p">(</span><span class="m">8443</span><span class="p">,</span> <span class="m">8443</span><span class="p">)</span> <span class="c1">//map the realm configuration file import.json.</span> <span class="p">.</span><span class="nf">WithResourceMapping</span><span class="p">(</span><span class="s">"./Import/import.json"</span><span class="p">,</span> <span class="s">"/opt/keycloak/data/import"</span><span class="p">)</span> <span class="c1">//map the certificates</span> <span class="p">.</span><span class="nf">WithResourceMapping</span><span class="p">(</span><span class="s">"./Certs"</span><span class="p">,</span> <span class="s">"/opt/keycloak/certs"</span><span class="p">)</span> <span class="p">.</span><span class="nf">WithCommand</span><span class="p">(</span><span class="s">"--import-realm"</span><span class="p">)</span> <span class="p">.</span><span class="nf">WithEnvironment</span><span class="p">(</span><span class="s">"KC_HTTPS_CERTIFICATE_FILE"</span><span class="p">,</span> <span class="s">"/opt/keycloak/certs/certificate.pem"</span><span class="p">)</span> <span class="p">.</span><span class="nf">WithEnvironment</span><span class="p">(</span><span class="s">"KC_HTTPS_CERTIFICATE_KEY_FILE"</span><span class="p">,</span> <span class="s">"/opt/keycloak/certs/certificate.key"</span><span class="p">)</span> <span class="p">.</span><span class="nf">WithWaitStrategy</span><span class="p">(</span><span class="n">Wait</span><span class="p">.</span><span class="nf">ForUnixContainer</span><span class="p">().</span><span class="nf">UntilPortIsAvailable</span><span class="p">(</span><span class="m">8443</span><span class="p">))</span> <span class="p">.</span><span class="nf">WithClean</span><span class="p">(</span><span class="k">true</span><span class="p">)</span> <span class="p">.</span><span class="nf">Build</span><span class="p">();</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">InitializeAsync</span><span class="p">()</span> <span class="p">{</span> <span class="k">await</span> <span class="n">_container</span><span class="p">.</span><span class="nf">StartAsync</span><span class="p">();</span> <span class="p">}</span> <span class="k">async</span> <span class="n">Task</span> <span class="n">IAsyncLifetime</span><span class="p">.</span><span class="nf">DisposeAsync</span><span class="p">()</span> <span class="p">{</span> <span class="k">await</span> <span class="n">_container</span><span class="p">.</span><span class="nf">StopAsync</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Add <code>ApiFactoryFixtureCollection.cs</code> class. Using xUnit fixture collection, only a single Keycloak container will be created for all the tests.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F5d5f0c02-c565-48d1-9719-b5da54cdf73c" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F5d5f0c02-c565-48d1-9719-b5da54cdf73c" width="415" height="466"></a></p> <p>Add the following code to it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">namespace</span> <span class="nn">KeycloakTestcontainer.Test</span><span class="p">;</span> <span class="p">[</span><span class="nf">CollectionDefinition</span><span class="p">(</span><span class="k">nameof</span><span class="p">(</span><span class="n">ApiFactoryFixtureCollection</span><span class="p">))]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">ApiFactoryFixtureCollection</span> <span class="p">:</span> <span class="n">ICollectionFixture</span><span class="p">&lt;</span><span class="n">ApiFactoryFixture</span><span class="p">&gt;</span> <span class="p">{</span> <span class="p">}</span> </code></pre> </div> <p>Now let's create the <code>AuthenticateEndpointTests.cs</code> test class.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Fbdd272fa-edf2-4d95-98b9-a31a265db983" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Fbdd272fa-edf2-4d95-98b9-a31a265db983" width="418" height="454"></a></p> <p>Add the following code to it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="nn">FluentAssertions</span><span class="p">;</span> <span class="k">using</span> <span class="nn">System.Net.Http.Json</span><span class="p">;</span> <span class="k">using</span> <span class="nn">System.Text.Json.Nodes</span><span class="p">;</span> <span class="k">namespace</span> <span class="nn">KeycloakTestcontainer.Test</span><span class="p">;</span> <span class="p">[</span><span class="nf">Collection</span><span class="p">(</span><span class="k">nameof</span><span class="p">(</span><span class="n">ApiFactoryFixtureCollection</span><span class="p">))]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">AuthenticateEndpointTests</span><span class="p">(</span><span class="n">ApiFactoryFixture</span> <span class="n">apiFactory</span><span class="p">)</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">HttpClient</span> <span class="n">_httpClient</span> <span class="p">=</span> <span class="n">apiFactory</span><span class="p">.</span><span class="nf">CreateClient</span><span class="p">();</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">HttpClient</span> <span class="n">_client</span> <span class="p">=</span> <span class="k">new</span><span class="p">();</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">string</span> <span class="n">_baseAddress</span> <span class="p">=</span> <span class="n">apiFactory</span><span class="p">.</span><span class="n">BaseAddress</span> <span class="p">??</span> <span class="kt">string</span><span class="p">.</span><span class="n">Empty</span><span class="p">;</span> <span class="p">[</span><span class="n">Fact</span><span class="p">]</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">AuthenticateEndpoint_WhenUserIsAuthenticated_ShouldReturnOk</span><span class="p">()</span> <span class="p">{</span> <span class="c1">//Arrange</span> <span class="c1">//The realm and the client configured in the Keycloak server</span> <span class="kt">var</span> <span class="n">realm</span> <span class="p">=</span> <span class="s">"myrealm"</span><span class="p">;</span> <span class="kt">var</span> <span class="n">client</span> <span class="p">=</span> <span class="s">"myclient"</span><span class="p">;</span> <span class="c1">//Keycloak server token endpoint</span> <span class="kt">var</span> <span class="n">url</span> <span class="p">=</span> <span class="s">$"</span><span class="p">{</span><span class="n">_baseAddress</span><span class="p">}</span><span class="s">/realms/</span><span class="p">{</span><span class="n">realm</span><span class="p">}</span><span class="s">/protocol/openid-connect/token"</span><span class="p">;</span> <span class="c1">//Api secure endpoint </span> <span class="kt">var</span> <span class="n">apiUrl</span> <span class="p">=</span> <span class="s">"api/authenticate"</span><span class="p">;</span> <span class="c1">//Create the url encoded body</span> <span class="kt">var</span> <span class="n">data</span> <span class="p">=</span> <span class="k">new</span> <span class="n">Dictionary</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">,</span> <span class="kt">string</span><span class="p">&gt;</span> <span class="p">{</span> <span class="p">{</span> <span class="s">"grant_type"</span><span class="p">,</span> <span class="s">"password"</span> <span class="p">},</span> <span class="p">{</span> <span class="s">"client_id"</span><span class="p">,</span> <span class="s">$"</span><span class="p">{</span><span class="n">client</span><span class="p">}</span><span class="s">"</span> <span class="p">},</span> <span class="p">{</span> <span class="s">"username"</span><span class="p">,</span> <span class="s">"myuser"</span> <span class="p">},</span> <span class="p">{</span> <span class="s">"password"</span><span class="p">,</span> <span class="s">"mypassword"</span> <span class="p">}</span> <span class="p">};</span> <span class="c1">//Get the access token from the Keycloak server</span> <span class="kt">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_client</span><span class="p">.</span><span class="nf">PostAsync</span><span class="p">(</span><span class="n">url</span><span class="p">,</span> <span class="k">new</span> <span class="nf">FormUrlEncodedContent</span><span class="p">(</span><span class="n">data</span><span class="p">));</span> <span class="kt">var</span> <span class="n">content</span> <span class="p">=</span> <span class="k">await</span> <span class="n">response</span><span class="p">.</span><span class="n">Content</span><span class="p">.</span><span class="n">ReadFromJsonAsync</span><span class="p">&lt;</span><span class="n">JsonObject</span><span class="p">&gt;();</span> <span class="kt">var</span> <span class="n">token</span> <span class="p">=</span> <span class="n">content</span><span class="p">?[</span><span class="s">"access_token"</span><span class="p">]?.</span><span class="nf">ToString</span><span class="p">();</span> <span class="c1">//Act</span> <span class="c1">//Add the access token to request header</span> <span class="n">_httpClient</span><span class="p">.</span><span class="n">DefaultRequestHeaders</span><span class="p">.</span><span class="n">Authorization</span> <span class="p">=</span> <span class="k">new</span> <span class="n">System</span><span class="p">.</span><span class="n">Net</span><span class="p">.</span><span class="n">Http</span><span class="p">.</span><span class="n">Headers</span><span class="p">.</span><span class="nf">AuthenticationHeaderValue</span><span class="p">(</span><span class="s">"Bearer"</span><span class="p">,</span> <span class="n">token</span><span class="p">);</span> <span class="c1">//Call the Api secure endpoint</span> <span class="kt">var</span> <span class="n">result</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_httpClient</span><span class="p">.</span><span class="nf">GetAsync</span><span class="p">(</span><span class="n">apiUrl</span><span class="p">);</span> <span class="c1">//Assert</span> <span class="n">result</span><span class="p">.</span><span class="n">IsSuccessStatusCode</span><span class="p">.</span><span class="nf">Should</span><span class="p">().</span><span class="nf">BeTrue</span><span class="p">();</span> <span class="n">result</span><span class="p">.</span><span class="n">StatusCode</span><span class="p">.</span><span class="nf">Should</span><span class="p">().</span><span class="nf">Be</span><span class="p">(</span><span class="n">System</span><span class="p">.</span><span class="n">Net</span><span class="p">.</span><span class="n">HttpStatusCode</span><span class="p">.</span><span class="n">OK</span><span class="p">);</span> <span class="p">}</span> <span class="p">[</span><span class="n">Fact</span><span class="p">]</span> <span class="k">public</span> <span class="k">async</span> <span class="n">Task</span> <span class="nf">AuthenticateEndpoint_WhenUserIsNotAuthenticated_ShouldReturnUnauthorized</span><span class="p">()</span> <span class="p">{</span> <span class="c1">//Arrange</span> <span class="c1">//The realm and the client configured in the Keycloak server</span> <span class="kt">var</span> <span class="n">realm</span> <span class="p">=</span> <span class="s">"myrealm"</span><span class="p">;</span> <span class="kt">var</span> <span class="n">client</span> <span class="p">=</span> <span class="s">"myclient"</span><span class="p">;</span> <span class="c1">//Keycloak server token endpoint</span> <span class="kt">var</span> <span class="n">url</span> <span class="p">=</span> <span class="s">$"</span><span class="p">{</span><span class="n">_baseAddress</span><span class="p">}</span><span class="s">/realms/</span><span class="p">{</span><span class="n">realm</span><span class="p">}</span><span class="s">/protocol/openid-connect/token"</span><span class="p">;</span> <span class="c1">//Api secure endpoint </span> <span class="kt">var</span> <span class="n">apiUrl</span> <span class="p">=</span> <span class="s">"api/authenticate"</span><span class="p">;</span> <span class="c1">//Create the url encoded body</span> <span class="kt">var</span> <span class="n">data</span> <span class="p">=</span> <span class="k">new</span> <span class="n">Dictionary</span><span class="p">&lt;</span><span class="kt">string</span><span class="p">,</span> <span class="kt">string</span><span class="p">&gt;</span> <span class="p">{</span> <span class="p">{</span> <span class="s">"grant_type"</span><span class="p">,</span> <span class="s">"password"</span> <span class="p">},</span> <span class="p">{</span> <span class="s">"client_id"</span><span class="p">,</span> <span class="s">$"</span><span class="p">{</span><span class="n">client</span><span class="p">}</span><span class="s">"</span> <span class="p">},</span> <span class="p">{</span> <span class="s">"username"</span><span class="p">,</span> <span class="s">"myuser"</span> <span class="p">},</span> <span class="p">{</span> <span class="s">"password"</span><span class="p">,</span> <span class="s">"badpassword"</span> <span class="p">}</span> <span class="p">};</span> <span class="c1">//Get the access token from the Keycloak server</span> <span class="kt">var</span> <span class="n">response</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_client</span><span class="p">.</span><span class="nf">PostAsync</span><span class="p">(</span><span class="n">url</span><span class="p">,</span> <span class="k">new</span> <span class="nf">FormUrlEncodedContent</span><span class="p">(</span><span class="n">data</span><span class="p">));</span> <span class="kt">var</span> <span class="n">content</span> <span class="p">=</span> <span class="k">await</span> <span class="n">response</span><span class="p">.</span><span class="n">Content</span><span class="p">.</span><span class="n">ReadFromJsonAsync</span><span class="p">&lt;</span><span class="n">JsonObject</span><span class="p">&gt;();</span> <span class="kt">var</span> <span class="n">token</span> <span class="p">=</span> <span class="n">content</span><span class="p">?[</span><span class="s">"access_token"</span><span class="p">]?.</span><span class="nf">ToString</span><span class="p">();</span> <span class="c1">//Act</span> <span class="c1">//Add the access token to request header</span> <span class="n">_httpClient</span><span class="p">.</span><span class="n">DefaultRequestHeaders</span><span class="p">.</span><span class="n">Authorization</span> <span class="p">=</span> <span class="k">new</span> <span class="n">System</span><span class="p">.</span><span class="n">Net</span><span class="p">.</span><span class="n">Http</span><span class="p">.</span><span class="n">Headers</span><span class="p">.</span><span class="nf">AuthenticationHeaderValue</span><span class="p">(</span><span class="s">"Bearer"</span><span class="p">,</span> <span class="n">token</span><span class="p">);</span> <span class="c1">//Call the Api secure endpoint</span> <span class="kt">var</span> <span class="n">result</span> <span class="p">=</span> <span class="k">await</span> <span class="n">_httpClient</span><span class="p">.</span><span class="nf">GetAsync</span><span class="p">(</span><span class="n">apiUrl</span><span class="p">);</span> <span class="c1">//Assert</span> <span class="n">result</span><span class="p">.</span><span class="n">IsSuccessStatusCode</span><span class="p">.</span><span class="nf">Should</span><span class="p">().</span><span class="nf">BeFalse</span><span class="p">();</span> <span class="n">result</span><span class="p">.</span><span class="n">StatusCode</span><span class="p">.</span><span class="nf">Should</span><span class="p">().</span><span class="nf">Be</span><span class="p">(</span><span class="n">System</span><span class="p">.</span><span class="n">Net</span><span class="p">.</span><span class="n">HttpStatusCode</span><span class="p">.</span><span class="n">Unauthorized</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Keycloak container setup </h2> <p>Requirements: docker installed.</p> <p>Pull the docker image<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">docker</span><span class="w"> </span><span class="nx">pull</span><span class="w"> </span><span class="nx">keycloak/keycloak:26.0</span><span class="w"> </span></code></pre> </div> <p>To avoid the <code>ERR_SSL_PROTOCOL_ERROR</code> in the browser , will use the developer certificates for https connection.</p> <p>Create a Certs folder in KeycloakTestcontainer.Test. Will store the certificates here.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F9e8be60d-6a91-4ea6-b8d1-5694c4f16d23" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F9e8be60d-6a91-4ea6-b8d1-5694c4f16d23" width="411" height="493"></a></p> <p>Open an terminal and navigate to the folder.<br> Create a certificate, trust it, and export it to a PEM file including the private key:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">dotnet</span><span class="w"> </span><span class="nx">dev-certs</span><span class="w"> </span><span class="nx">https</span><span class="w"> </span><span class="nt">-ep</span><span class="w"> </span><span class="o">.</span><span class="nx">/certificate.crt</span><span class="w"> </span><span class="nt">-p</span><span class="w"> </span><span class="nv">$YOUR_PASSWORD</span><span class="err">$</span><span class="w"> </span><span class="nt">--trust</span><span class="w"> </span><span class="nt">--format</span><span class="w"> </span><span class="nx">PEM</span><span class="w"> </span></code></pre> </div> <p>Command will generate two files, certificate.pem and certificate.key. Do not forget to add .pem and .key extensions to .gitignore. </p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Fe758c63f-060d-4d38-9d8f-22f097da55c8" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Fe758c63f-060d-4d38-9d8f-22f097da55c8" width="410" height="546"></a></p> <p>Let's create a docker compose file for the initial setup of the Keycloak realm, client and users.<br> Add the <code>docker-compose.yml</code> file to KeycloakTestcontainer.Test project.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Fcd6a0a8f-e05b-4e84-af8d-2940e276a5cd" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Fcd6a0a8f-e05b-4e84-af8d-2940e276a5cd" width="402" height="288"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">keycloak_server</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">keycloak/keycloak:26.0</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">keycloak</span> <span class="na">command</span><span class="pi">:</span> <span class="s">start-dev --import-realm</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">KC_DB</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">KC_DB_URL_HOST</span><span class="pi">:</span> <span class="s">postgres_keycloak</span> <span class="na">KC_DB_URL_DATABASE</span><span class="pi">:</span> <span class="s">keycloak</span> <span class="na">KC_DB_USERNAME</span><span class="pi">:</span> <span class="s">admin</span> <span class="na">KC_DB_PASSWORD</span><span class="pi">:</span> <span class="s">passw0rd</span> <span class="na">KC_BOOTSTRAP_ADMIN_USERNAME</span><span class="pi">:</span> <span class="s">admin</span> <span class="na">KC_BOOTSTRAP_ADMIN_PASSWORD</span><span class="pi">:</span> <span class="s">admin</span> <span class="na">KC_HTTPS_CERTIFICATE_FILE</span><span class="pi">:</span> <span class="s">/opt/keycloak/certs/certificate.pem</span> <span class="na">KC_HTTPS_CERTIFICATE_KEY_FILE</span><span class="pi">:</span> <span class="s">/opt/keycloak/certs/certificate.key</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8880:8080"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8443:8443"</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">postgres_keycloak</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./Certs:/opt/keycloak/certs</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">keycloak_network</span> <span class="na">postgres_keycloak</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:16.0</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">command</span><span class="pi">:</span> <span class="s">postgres -c 'max_connections=200'</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRES_USER</span><span class="pi">:</span> <span class="s2">"</span><span class="s">admin"</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s2">"</span><span class="s">passw0rd"</span> <span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s2">"</span><span class="s">keycloak"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">5433:5432"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">postgres-datas:/var/lib/postgresql/data</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="s2">"</span><span class="s">exit</span><span class="nv"> </span><span class="s">0"</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">keycloak_network</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">postgres-datas</span><span class="pi">:</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">keycloak_network</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">bridge</span> </code></pre> </div> <p>Run the command to spin up the Keycloak container<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">docker</span><span class="w"> </span><span class="nx">compose</span><span class="w"> </span><span class="nt">-f</span><span class="w"> </span><span class="o">.</span><span class="nx">\docker-compose.yml</span><span class="w"> </span><span class="nx">up</span><span class="w"> </span><span class="nt">-d</span><span class="w"> </span></code></pre> </div> <p>Open browser and open the <code>https://localhost:8443</code><br> You'll be redirected to the login page.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Fa551c8b9-33a5-4950-b253-eb54cca42d3e" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Fa551c8b9-33a5-4950-b253-eb54cca42d3e" width="800" height="648"></a></p> <p>Login with username <code>admin</code> and password <code>admin</code> <br> Create a new realm</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F14a1b04c-7dc7-4100-baaf-0b882a590f75" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F14a1b04c-7dc7-4100-baaf-0b882a590f75" width="463" height="793"></a></p> <p>For simplicity we'll name the realm <code>myrealm</code>. Click <strong>Create</strong>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Feb73d009-c309-4a01-8d02-b266da7607b4" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Feb73d009-c309-4a01-8d02-b266da7607b4" width="800" height="399"></a></p> <p>Create a user</p> <p>Initially, the realm has no users. Use these steps to create a user:</p> <p>Verify that you are still in the myrealm realm, which is shown above the word Manage.</p> <p>Click <strong>Users</strong> in the left-hand menu. Click <strong>Create new user</strong>.</p> <p>Fill in the form with the following values:</p> <p>Username: <code>myuser</code></p> <p>Email: <code>myuser@email.com</code></p> <p>First name: any first name</p> <p>Last name: any last name</p> <p>Click <strong>Create</strong>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F51f1ba84-6969-47ed-8594-7e3d9b603e15" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F51f1ba84-6969-47ed-8594-7e3d9b603e15" width="800" height="321"></a></p> <p>This user needs a password to log in. To set the initial password:</p> <p>Click Credentials at the top of the page.</p> <p>Fill in the Set password form with a <code>mypassword</code> password.</p> <p>Toggle Temporary to Off so that the user does not need to update this password at the first login.</p> <p>Click <strong>Save</strong>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F6cc98b78-a7a4-45f8-bb8d-b7814556ecd3" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F6cc98b78-a7a4-45f8-bb8d-b7814556ecd3" width="800" height="430"></a></p> <p>Create Client.</p> <p>Verify that you are still in the myrealm realm, which is shown above the word Manage.</p> <p>Click <strong>Clients</strong>.</p> <p>Click <strong>Create client</strong></p> <p>Fill in the form with the following values:</p> <p>1.Client type: <code>OpenID Connect</code></p> <p>2.Client ID: <code>myclient</code></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F35277a25-3553-4bc5-94c8-44634178c327" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F35277a25-3553-4bc5-94c8-44634178c327" width="800" height="473"></a></p> <p>Click <strong>Next</strong>.</p> <p>Confirm that <strong>Direct access grants</strong> is enabled. For simplicity we'll create a public cllient.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F8b9f7cc1-0f21-472f-8cb7-c644d65fbc65" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F8b9f7cc1-0f21-472f-8cb7-c644d65fbc65" width="800" height="544"></a></p> <p>Click <strong>Next</strong>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F2b378983-70f1-48d5-830e-3a06c368a335" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F2b378983-70f1-48d5-830e-3a06c368a335" width="800" height="484"></a></p> <p>Click <strong>Save</strong>.</p> <p>By default the Client Audience is not mapped to the token. We have to create and map it.</p> <p>Click on <strong>Client Scope</strong> on the left menu.</p> <p>Click <strong>Create client scope</strong> tab button.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F3d21d3ac-f8e1-414d-a51e-dc52a798e8ba" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F3d21d3ac-f8e1-414d-a51e-dc52a798e8ba" width="800" height="237"></a></p> <p>Fill in the form with the following values:</p> <p>1.Name: <code>audience</code></p> <p>2.Type: <code>Default</code></p> <p>3.Toggle <code>Display on consent</code> screen to Off</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F5566a1b9-5d94-4a64-9c43-8dfab934fe46" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F5566a1b9-5d94-4a64-9c43-8dfab934fe46" width="800" height="460"></a></p> <p>Click <strong>Save</strong>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F85eace07-003f-4531-bfee-893fe68aff57" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F85eace07-003f-4531-bfee-893fe68aff57" width="800" height="418"></a></p> <p>Click <strong>Mapper</strong> tab</p> <p>Click <strong>Configure new mapper</strong> and select <strong>Audience</strong></p> <p>Fill in the form with the following values:</p> <p>1.Name: any name</p> <p>2.Included Client Audience: select <code>myclient</code></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F5e94605d-0a5b-44b5-94d6-3c5a33f225e1" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F5e94605d-0a5b-44b5-94d6-3c5a33f225e1" width="800" height="571"></a></p> <p>Click <strong>Save</strong></p> <p>Click <strong>Clients</strong> on nav menu, select <code>myclient</code>.</p> <p>Click <strong>Add client scope</strong> tab, select audience and click <strong>Add</strong> default.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F87c6f48b-2205-4a88-8439-86bcd72fcbec" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F87c6f48b-2205-4a88-8439-86bcd72fcbec" width="800" height="403"></a></p> <h3> Export the realm configuration </h3> <p>In order to have this same configuration every time when the testcontainer is started, we will export this realm configuration to a import.json file. The file will be imported by the test container during start-up.</p> <p>Add a folder named <strong>Import</strong> to the test project.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F1118d55c-261c-4eb5-aef7-c74f065f2c71" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F1118d55c-261c-4eb5-aef7-c74f065f2c71" width="406" height="331"></a></p> <p>Open a terminal and navigate to the folder.</p> <p>Identify the keyclaok container<br> <br> <code>docker ps</code><br> </p> <p>Access the container<br> <br> <code>docker exec -it (container id) /bin/bash</code><br> </p> <p>Export the realm configuration<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">cd</span><span class="w"> </span><span class="nx">/opt/keycloak/bin</span><span class="w"> </span><span class="o">.</span><span class="n">/kc.sh</span><span class="w"> </span><span class="nx">export</span><span class="w"> </span><span class="nt">--file</span><span class="w"> </span><span class="nx">/tmp/</span><span class="p">(</span><span class="n">file</span><span class="w"> </span><span class="nx">name</span><span class="p">)</span><span class="o">.</span><span class="nf">json</span><span class="w"> </span><span class="nt">--realm</span><span class="w"> </span><span class="p">(</span><span class="n">realm</span><span class="w"> </span><span class="nx">name</span><span class="p">)</span><span class="w"> </span></code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F65351476-f095-4c1a-88e2-a8c9fcd93067" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F65351476-f095-4c1a-88e2-a8c9fcd93067" width="800" height="292"></a></p> <p>Copy the file from container to Import folder<br> <br> <code>docker cp {container id):/tmp/{file name}.json ./{directory name}</code><br> </p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F7acd9309-cbe5-40d5-a3ff-95aa51bf21e5" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2F7acd9309-cbe5-40d5-a3ff-95aa51bf21e5" width="800" height="218"></a></p> <h3> Testing </h3> <p>Run the tests. Both tests should pass.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Fb96182b3-23c0-4d5b-806c-a71e8e003eec" class="article-body-image-wrapper"><img alt="image" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Fb96182b3-23c0-4d5b-806c-a71e8e003eec" width="800" height="326"></a></p> dotnet docker aspnet csharp