alt Hacker NewsI posted this because using an authorization server like OpenFGA creates a real issue: syncing authorization related data.
There's identity data that needs to be synced (from an identity provider). This seemed like a cool open source solution for that. It's not enough, of course.
You also need to sync data between your application/domain and the authorization server to have accurate authorization decisions. But other than using the authorization server's SDK, I don't think there's a general solution to that problem.
Disclaimers: I have not used this software. I don't know if it is maintained. I also work for a company that has competitive offerings for both Keycloak and OpenFGA.
In your view why is using the AuthZ server SDK not a good solution - or maybe other way around, what would be a more general solution?