logoalt Hacker News

nvegatertoday at 4:24 PM3 repliesview on HN

how is this related to better auth ? In my understanding, keycloak and better auth are fundamentally different. I would compare keycloak more with Ory for example.


Replies

vaishnavsmtoday at 4:43 PM

Keycloak and Better Auth aren't as fundamentally different as you may think! Better auth supports authn/z, being an identity _source_, being an identity provider, being an OIDC/SSO provider (so others can login using better auth), rbac, SAML/SCIM, and a ton more. It's actually really powerful! Most folks found better auth as an alternative to next-auth/auth.js - but better auth does a lot more than those.

(some of those features are enterprise only)

show 1 reply
jzebedeetoday at 4:45 PM

It's a good reminder, because in the auth landscape I wish I had just picked up Keycloak and stuck with it. Commercial auth is a bad value proposition and not the kind of infrastructure where you want to have acquisition churn happening often.

The self-hosted space is another headache. I wasted so much time trying to make smaller self-hosted auth solutions work, since Keycloak has a reputation for being heavyweight.

I looked into the Ory stack extensively trying to actually use it as advertised for self-hosted / open-source auth. It's aggressively gimped and its SSO features are emphatically _not_ open-source and are gated behind licensing, with no way to find out until you're actually running it.

It's also just unfinished. Their "stack" is a lot of cobbled-together Go mixed with incompletely rebranded acquisitions like SAML Jackson (now "Polis"), which they managed to gut so completely it went from a best-in-class OSS library to unusable.

show 1 reply