I am going to develop a Blazor WebAssembly application that supports multi-tenancy. This application integrates with Keycloak IdP and provides the authz/authn capabilities. Currently, in Program.cs I have the following:
builder.Services.AddOidcAuthentication(options =>{ builder.Configuration.Bind("Local", options.ProviderOptions);});And in the appSettings.json:
{"Local": {"MetadataUrl": "http://localhost:5600/realms/myapp/.well-known/openid-configuration","Authority": "http://localhost:5600/realms/myapp","ClientId": "public","ResponseType": "id_token token","NameClaim": "preferred_username","RoleClaim": "roles","ScopeClaim": "scope" }}However, in Keycloak, the multi-tenancy is designed as per-client basis, which means that I have a realm called "myapp" (realm is a tenant in Keycloak), and under this "myapp" realm I create several clients, I'd like each client to be corresponding to each tenant in my application.
For example, I have public1, public2 clients defined under myapp realm, I'd like when user hits https://public1.myapp.com, the Blazor WASM can use ClientId=public1 and if the user hits https://public2.myapp.com, the Blazor WASM can use ClientId=public2 to connect to Keycloak.
In the beginning I think that there could be some kind of auth events by subscribing which I can get the HttpContext and dynamically specify the client id from there, but looks like the standard Oidc middleware in Blazor WASM doesn't allow me to do that.
Is there any way of achieving this?