How to Secure .NET 10 APIs with Keycloak and OAuth 2.0

Описание: Get the source code for this video here → https://the-dotnet-weekly.kit.com/key...
Get the 2026 .NET Developer roadmap here → https://the-dotnet-weekly.ck.page/202...
Want to master Clean Architecture? Go here: https://bit.ly/3PupkOJ
Want to unlock Modular Monoliths? Go here: https://bit.ly/3SXlzSt

Keycloak is still my favorite identity provider in 2026. In this video, I’ll show you the complete setup—from running Keycloak locally to integrating it into your .NET 10 applications for robust authentication and authorization.

We will start by spinning up a Keycloak instance using Docker Compose, covering essential configurations like health checks and volume mapping. Then, we’ll dive into the Keycloak Admin Console to set up a Realm and a Public Client.

The core of this tutorial covers integrating Swagger UI with OAuth 2.0. I’ll show you how to configure the Authorization Code Flow with PKCE (Proof Key for Code Exchange) so you can authenticate users directly from your API documentation. Finally, we’ll wire up JWT Bearer authentication in .NET 10 to validate tokens and enforce security policies.

In this video, we cover:

Docker Setup: Running Keycloak 26.5.2 locally with development flags.
Keycloak Config: Creating Realms, Clients, and valid redirect URIs.
Swagger Integration: Configuring Swashbuckle to handle the OAuth2 handshake.
Security: Implementing the Authorization Code Flow with PKCE.
JWT Validation: Setting up Microsoft.AspNetCore.Authentication.JwtBearer in .NET 10.

Integrate Keycloak with ASP.NET Core Using OAuth 2.0
https://www.milanjovanovic.tech/blog/...

Check out my courses:
https://www.milanjovanovic.tech/courses

Read my Blog here:
https://www.milanjovanovic.tech/blog

Join my weekly .NET newsletter:
https://www.milanjovanovic.tech

Chapters