Securing APIs is a critical step in building modern web applications. When your frontend uses Keycloak for authentication via OpenID Connect (OIDC), it’s essential to protect your backend API by validating the JWT tokens it receives. This post explains how to secure your API with JWT tokens issued by Keycloak, focusing on a Blazor Server frontend that handles authentication and passes the token to the API for authorization and expiration checks. Configure Keycloak for the nex

When building modern web applications, managing user authentication securely and efficiently is a top priority. If you are a .NET developer working with Aspire and Blazor Server, you might have heard about Keycloak as a popular open-source identity and access management solution. Keycloak supports OpenID Connect (OIDC), making it a powerful tool to handle authentication without reinventing the wheel. This post is the first in a series where I’ll introduce you to Keycloak, exp