diff --git a/src/Infrastructure/BotSharp.OpenAPI/BotSharp.OpenAPI.csproj b/src/Infrastructure/BotSharp.OpenAPI/BotSharp.OpenAPI.csproj index 46bd85c8d..8b23713ab 100644 --- a/src/Infrastructure/BotSharp.OpenAPI/BotSharp.OpenAPI.csproj +++ b/src/Infrastructure/BotSharp.OpenAPI/BotSharp.OpenAPI.csproj @@ -19,12 +19,14 @@ + + @@ -32,6 +34,7 @@ + diff --git a/src/Infrastructure/BotSharp.OpenAPI/BotSharpOpenApiExtensions.cs b/src/Infrastructure/BotSharp.OpenAPI/BotSharpOpenApiExtensions.cs index 1d36f597d..335015a20 100644 --- a/src/Infrastructure/BotSharp.OpenAPI/BotSharpOpenApiExtensions.cs +++ b/src/Infrastructure/BotSharp.OpenAPI/BotSharpOpenApiExtensions.cs @@ -101,6 +101,21 @@ public static IServiceCollection AddBotSharpOpenAPI(this IServiceCollection serv }); } + // Keycloak Identiy OAuth + if (!string.IsNullOrWhiteSpace(config["OAuth:Keycloak:ClientId"]) && !string.IsNullOrWhiteSpace(config["OAuth:Keycloak:ClientSecret"])) + { + builder = builder.AddKeycloak(options => + { + options.BaseAddress = new Uri(config["OAuth:Keycloak:BaseAddress"]); + options.Realm = config["OAuth:Keycloak:Realm"]; + options.ClientId = config["OAuth:Keycloak:ClientId"]; + options.ClientSecret = config["OAuth:Keycloak:ClientSecret"]; + options.AccessType = AspNet.Security.OAuth.Keycloak.KeycloakAuthenticationAccessType.Confidential; + int version = Convert.ToInt32(config["OAuth:Keycloak:Version"]??"22") ; + options.Version = new Version(version,0); + }); + } + // Add services to the container. services.AddControllers() .AddJsonOptions(options => diff --git a/src/Infrastructure/BotSharp.OpenAPI/Controllers/UserController.cs b/src/Infrastructure/BotSharp.OpenAPI/Controllers/UserController.cs index 65b7a46aa..e4201aa8c 100644 --- a/src/Infrastructure/BotSharp.OpenAPI/Controllers/UserController.cs +++ b/src/Infrastructure/BotSharp.OpenAPI/Controllers/UserController.cs 
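Review bot: The guard in front of `AddKeycloak` checks only `ClientId` and `ClientSecret`, so a deployment that sets those two but leaves `OAuth:Keycloak:BaseAddress` empty fails at startup inside `new Uri(...)`, and `Realm` is passed through unchecked. The version line has the same gap: `?? "22"` covers a missing key but not an empty or non-numeric string, which makes `Convert.ToInt32` throw. I would validate all four settings before registering the handler and parse the version with `int.TryParse`, as sketched below. Since the client secret and authorization code travel to this address, it is also worth rejecting a non-HTTPS `BaseAddress` outside development. The comment typo `Identiy` should read `Identity`.

```csharp
var keycloak = config.GetSection("OAuth:Keycloak");
if (!string.IsNullOrWhiteSpace(keycloak["ClientId"])
    && !string.IsNullOrWhiteSpace(keycloak["ClientSecret"])
    && !string.IsNullOrWhiteSpace(keycloak["Realm"])
    && Uri.TryCreate(keycloak["BaseAddress"], UriKind.Absolute, out var baseAddress))
{
    builder = builder.AddKeycloak(options =>
    {
        options.BaseAddress = baseAddress;
        // … unchanged: Realm, ClientId, ClientSecret, AccessType …
        var major = int.TryParse(keycloak["Version"], out var parsed) ? parsed : 22;
        options.Version = new Version(major, 0);
    });
}
```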
@@ -36,9 +36,9 @@ public async Task> GetToken([FromHeader(Name = "Authorizatio [AllowAnonymous] [HttpGet("/sso/{provider}")] - public async Task Authorize([FromRoute] string provider) + public async Task Authorize([FromRoute] string provider,string redirectUrl) { - return Challenge(new AuthenticationProperties { RedirectUri = $"page/user/me" }, provider); + return Challenge(new AuthenticationProperties { RedirectUri = redirectUrl }, provider); } [AllowAnonymous] diff --git a/src/WebStarter/appsettings.json b/src/WebStarter/appsettings.json index c040b4985..37907ff4c 100644 --- a/src/WebStarter/appsettings.json +++ b/src/WebStarter/appsettings.json @@ -21,6 +21,13 @@ "Google": { "ClientId": "", "ClientSecret": "" + }, + "Keycloak": { + "BaseAddress": "", + "Realm": "", + "ClientId": "", + "ClientSecret": "", + "Version": 22 } },
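Review bot: `redirectUrl` is taken from the request on an `[AllowAnonymous]` endpoint and assigned to `AuthenticationProperties.RedirectUri` with no validation visible in this hunk, which makes `/sso/{provider}` an open redirect after a successful sign-in. The value should be restricted to local paths, for example `var target = Url.IsLocalUrl(redirectUrl) ? redirectUrl : "page/user/me";`, before it is passed to `Challenge`. If the UI is served from another origin, compare it against an allowlist of origins read from configuration instead. The fallback also keeps the previous behaviour for callers that omit the parameter, which the new signature otherwise turns into a null `RedirectUri`. Marking the parameter `[FromQuery]` would make its source explicit next to `[FromRoute] string provider`.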
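Review bot: The new `Keycloak` block puts a `ClientSecret` key in the tracked `appsettings.json`, which invites committing the real value once someone fills it in. The committed value should stay empty, with the secret supplied through user secrets or an environment variable such as `OAuth__Keycloak__ClientSecret`. It would help to say so in the project's setup documentation, since JSON leaves no room for a comment here.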