[cainlevy]

Keycloak does some really great things. It does require managing a Java runtime though, and is missing the streamlining that allows AuthN to run as an invisible API.

Keycloak (and similar) hosts and renders your login page. You customize through theming. You're expected to redirect users through a standard OAuth2/OIDC flow on a different domain.

AuthN doesn't render any HTML. That's all you, from start to finish. This means you have control over the UX and can build the login page directly into your own app, just like you would when using an auth library in a typical monolith.

[guywhocodes]

What, I can't simply post to any login/register/logout uri's and expect either a redirect with configuring headers back or an object that let's me manage the token manually?

EDIT: I've been trying out keycloak and it looks great but I've always assumed I just had not figured out how to make that happen. As the documentation is quite large and of the harder kind.

[artpar]

You can design the login/register page in keycloak completely. From scratch. I have used it before and had done that.