reactioncommerce / reaction-questions

Ask us questions about Reaction

Can we use Keycloak instead of Hydra #10

Closed deshetti closed 4 years ago

deshetti commented 5 years ago

Wanted to check if we could use Keycloak instead of Hydra as our OAuth 2.0 and OpenID Connect Provider? Our organization already uses Keycloak and would like to use the same for the other applications as well.

Thanks, Shashi

cshivaratri commented 5 years ago

@deshetti thanks for the question. I'll get back to you with more info shortly!

deshetti commented 5 years ago

@cshivaratri sure. Thanks!

impactmass commented 5 years ago

Hi @deshetti,

We also evaluated using Keycloak previously. As you probably know, Keycloak comes with a lot of features out of the box (OAuth2 & OpenID Connect, User management, i.e. users and roles, Federation, etc.).

In particular, the Roles construct in Keycloak follows a pattern that makes it difficult for us to transfer or even replicate our own model of roles (and thus Authorization) to it - we needed it to be "shop" based. We spent time trying to work around it without success.

Using Keycloak only for OAuth login will then mean that we are adding a system that we only use a tiny fraction of its capabilities. Hence our switch to Hydra.

So to your question of “can” you swap Hydra with Keycloak, you can, BUT we do not recommend that based on the above reason. Also, note that after making the swap, your authentication & authorization will not work out of the box, there will be more work needed to get it working (even if you are not using the Keycloak roles setup).

deshetti commented 5 years ago

Hi @impactmass

Thanks for the response. We are developing an open source CMS solution that supports multiple organizations with the same backend. We did face similar issues with Keycloak vs application role and user management that we could get around with some tweaks.

Like mentioned, we would prefer to use Keycloak over adding another framework. We will be evaluating Reaction Commerce in the next few weeks and will let you know if we run into any questions while we evaluate this integration.

CTOlet commented 4 years ago

Hi @deshetti

Could you tell us about your success story?)) How is it going?

deshetti commented 4 years ago

@Nemmo Sorry for the delayed response. We decided to not use Reaction Commerce after evaluation. While Reaction Commerce is a great product, it did not suit our specific requirements around data.