I'm trying to integrate an ASP .NET Core client web app with Keycloak using the .NET Core native OIDC Support.

For this I'm using a sample project available in the IdentityServer Github repo [1]. IdentityServer is an OIDC Auth Server/Framework implementation for .NET platform.

I forked that sample repo and changed the configuration to use the Keycloak OIDC endpoints.

The code snippet changed to use keycloak endpoint is this one.

I was able to run this code on my RHEL 7 box using .NET Core for Linux [2]. In the KC side I just created a new realm and a client (see the dotnetcore.json realm config attached). The web app starts and the secured pages/resources redirects the user to the Keycloak endpoint, but after the user authenticates and KC responds the request the following error occurs on .NET client side:

"OpenIdConnectProtocolInvalidCHashException: IDX10307: The 'c_hash' claim was not found in the id_token, but a 'code' was in the OpenIdConnectMessage, id_token: '{"alg":"RS256","typ":"JWT"}.{"jti":"cae47265-327e-4961-aeb2-6615713cc6f8","exp":1469508079,"nbf":0,"iat":1469507779,"iss":"http://localhost:8080/auth/realms/dotnetdemo","aud":"dotnetcore","sub":"b8a10870-3abd-487b-802e-e57307eafc14","typ":"ID","azp":"dotnetcore","nonce":"636051045638599850.NTdmY2FhNWQtYzNmYi00Zjg1LWFlZjItYmViYzBmZTgwMjYzZDMwMDdlYzYtMGJiMS00OWY1LTlhZTQtY2VjNWYyMzM2Yzhl","session_state":"b3010cce-24ac-426b-969a-cccefe41711f","name":"dot NET","preferred_username":"dotnetuser","given_name":"dot","family_name":"NET","email":"donetuser@localhost.com"}'"

Searching for this message "The 'c_hash' claim was not found in the id_token" I found the issue KEYCLOAK-3286 [3]. Does this error have something to do with the KEYCLOAK-3286?

Does some one tried to integrate a .NET app with Keycloak using OIDC protocol?

[1] https://github.com/IdentityServer/IdentityServer4.Samples
[2] https://www.microsoft.com/net/core#redhat
[3] https://issues.jboss.org/browse/KEYCLOAK-3286

--

___
Rafael T. C. Soares