Why I have chosen Keycloak
Mon Sep 08 2025
For projects that need SSO, OAuth2/OIDC, and flexible identity flows, I chose Keycloak. It’s open source, standards-based, and production-tested.
Reasons that mattered:
- Protocols: OIDC, SAML, OAuth2 support out of the box.
- Extensibility: Realms, clients, mappers, and custom providers.
- Admin UX and APIs: Manage users, groups, and roles at scale.
Operationally, Keycloak integrates well with reverse proxies and supports modern deployment targets (containers, Kubernetes). It’s a solid default for teams who want control without reinventing auth.
Quick start
Run a local Keycloak with Docker. The start-dev mode and the admin/admin credentials below are for local development only:
docker run -p 8080:8080 \
  -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin \
  quay.io/keycloak/keycloak:latest start-dev
Example client config
{
  "realm": "my-realm",
  "auth-server-url": "http://localhost:8080",
  "ssl-required": "none",
  "resource": "my-client",
  "public-client": true,
  "confidential-port": 0
}
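A check for the client config above, as an added example that is not part of the original post: it flags the settings that are only acceptable on a local machine (a plain-HTTP `auth-server-url` and `"ssl-required": "none"`) and compares them with a hardened counterpart. The function name, the `allow_local_dev` flag and the `sso.example.com` host are assumptions made for the illustration.

```python
import json
from urllib.parse import urlparse

# The page's example config, reproduced as the local-development baseline.
DEV_CONFIG = json.loads("""{
  "realm": "my-realm", "auth-server-url": "http://localhost:8080",
  "ssl-required": "none", "resource": "my-client",
  "public-client": true, "confidential-port": 0
}""")

# Constructed counterpart for a deployed client; the hostname is a placeholder.
HARDENED_CONFIG = {
    **DEV_CONFIG,
    "auth-server-url": "https://sso.example.com",
    "ssl-required": "all",
}

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def lint_client_config(cfg, allow_local_dev=False):
    """Return (key, message) findings for settings that are unsafe outside local dev."""
    findings = []
    url = urlparse(cfg.get("auth-server-url", ""))
    # Plain HTTP is tolerated only for a loopback server when explicitly allowed.
    local_ok = allow_local_dev and url.hostname in LOOPBACK
    if url.scheme != "https" and not local_ok:
        findings.append(("auth-server-url", "tokens and credentials travel over plain HTTP"))
    # Adapter values are "all", "external" (the default) and "none".
    if cfg.get("ssl-required", "external").lower() == "none" and not local_ok:
        findings.append(("ssl-required", "HTTPS is not enforced; use 'external' or 'all'"))
    # A confidential (non-public, non-bearer-only) client needs credentials to authenticate.
    confidential = not cfg.get("public-client", False) and not cfg.get("bearer-only", False)
    if confidential and not cfg.get("credentials"):
        findings.append(("credentials", "confidential client has no credentials configured"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("dev", DEV_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, lint_client_config(cfg) or "ok")
```

Running it against a config file before deployment, for example in CI, catches a development config that was copied into a deployed service unchanged.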
Use mappers to include custom claims in tokens and keep services stateless.