
I use Keycloak, but it's Java and I need Go or better performance.

With the new UI, mass admin tasks are no longer possible. At least version upgrades are better now.

Keycloak has no ed25519 support. Louketo proxy or whatever it's called nowadays only supports RS256, so I had to write my own OIDC middleware. At least they stopped generating UUIDv4 secrets.

Hydra is too complex.

Dex is too simple.

Identity Server lacks performance because C#.

Zitadel: heard of it but not tried yet. The Keycloak vs Zitadel page doesn't help. Is the Zitadel access token also a JWT like in Keycloak, and does it include role membership?

I use a Vue client specifically for Keycloak. The generic openid-connect-client is unmaintained. The TS fork doesn't have a working, maintained, reactive implementation.

Why does OIDC have to be so complicated? I know why... so you, like with k8s, trust external, (expensively) paid-for companies with your work and data.

The old "make it complicated so people would rather pay for our services".

Remember the story about the OAuth1 creator quitting the OAuth2 project?

https://www.wired.com/2012/07/developer-quits-oauth-2-0-spec...

Keycloak ed25519 issue: https://github.com/keycloak/keycloak/issues/15714



> Zitadel: heard of it but not tried yet. The Keycloak vs Zitadel page doesn't help. Is the Zitadel access token also a JWT like in Keycloak, and does it include role membership?

By default Zitadel uses opaque tokens, but you can switch to JWT and use a piece of JS code (actions) to insert whatever claim you want into the tokens.


Go or better performance so...C# or Java? :)


troll much?



