Keycloak is awesome

Authors
  • Seb

What is Keycloak

Keycloak is an open source identity and access management solution.

It advertises the following features:

  • Add authentication to applications and secure services with minimum effort.
  • No need to deal with storing users or authenticating users.
  • Keycloak provides user federation, strong authentication, user management, fine-grained authorization, and more.

Why not just use framework xyz's user management?

Almost any app or service needs some form of user authentication and authorization.

Many popular frameworks add some form of user authentication, e.g. Spring Boot Security or Django User Authentication.

But Keycloak has some major advantages:

  • decouple user management from app (separation of concerns)
  • independent, centralized user service to rule all other services (e.g. in a microservice-based architecture)
  • built-in management dashboard (manage settings and users, reset passwords, impersonate users, etc.)
  • extremely fine-grained roles/permission model (exceeding most conventional libraries)
  • supports Single Sign-On, Identity Brokering and Social Login, User Federation, LDAP and Active Directory
  • multi-tenant capabilities
  • vast range of other security features (like password policies)

It supports Client Adapters that allow you to easily connect your applications and services to Keycloak.

It is easily extendable. There are a variety of official and unofficial extensions available. And you can always write your own, like I did by writing a 2FA Email Authenticator!

And there is other tooling around like the brilliant Keycloak Config CLI to add configuration-as-code to Keycloak!

Summary

In practice, I found it an absolute pleasure to work with Keycloak. It is one of those pieces of software that just works™. It is easy to set up, runs very stably and predictably, is well-maintained and has not left me wishing for any left-out features.