Hacker News
by gsjjsjsbsb 1901 days ago
Does anybody have a good, comprehensive guide to Keycloak? I looked at it a while back and it seemed like a giant web UI with a million poorly documented knobs, but I keep seeing people who claim to be using it. I've used Auth0, Okta, Dex, and ORY and none of them seemed quite as incomprehensible.
3 comments

The thing with Keycloak is: when you know what you are looking for, it's all self-descriptive. Server administration documentation is awesome: https://www.keycloak.org/docs/latest/server_admin/index.html

I've written more about Authorization Services: https://gruchalski.com/posts/2020-09-05-introduction-to-keyc...

And can recommend these resources: https://www.janua.fr/tag/technical-blog/

Keycloak is designed to be super flexible and support almost every combination of auth methods out there. A lot of companies don't need this kind of complexity though, which is where something like Dex may be more appropriate--it's quite a bit simpler.

I think that Keycloak is based on JBoss, which is GPL? Hence I am not sure that you want it for commercial projects. But I might be wrong.

Keycloak is licensed under Apache 2.0.

There are many commercial projects using Keycloak, as far as I know. Are they in danger?

Edit: Keycloak is licensed with the Apache 2.0 license, so none of this is relevant for Keycloak.

GPL is only a problem if you import or change the source code. If you just run it in the backend, as a service, you're most likely fine.

If you customise Keycloak through code, you're probably in GPL violation territory. With the customisability of Keycloak, I doubt that this is something many projects will ever run into.

I don't think this is true.

The GPL allows you to copy & modify code for your own desires very generously.

The limitations you fear apply if you distribute the code (in source or other forms) or modifications yourself.

That's true; assuming you run the software on your own premises, GPL won't hurt you at all. If you sell premium software packages to be run over at your clients' hardware this can be a problem, though.

However, after looking into Keycloak more closely, the software seems to be licensed with the Apache 2 license, so none of this is a concern.