Aha so let me lay out your options, as I see it:
- Create a custom auth provider for Keycloak by following this guide: Custom Authentication | RedwoodJS Docs
  - If you do this, you can publish it in the same way I did this plugin, and if there’s enough demand it can be made into an official RW integration
  - This feels to me like the best option for you, as you’re already set up with Keycloak
  - The RW team and this forum are fantastic places to get help with this if/when needed
- Use Keycloak solely as an OAuth2/OIDC provider, and then use dbAuth as your IAM+LDAP, using this plugin to handle that connection
  - With this option, you’ll have user info duplicated across the database being used by your RW app and the database you’re using for Keycloak
The whole purpose of dbAuth is to make it really easy to own your own auth, but if you’re already using Keycloak, then you already have that benefit. I don’t see any obvious advantages to using dbAuth on top of Keycloak, and it would complicate your auth stack.
Let me know if I’m missing anything! I think a RW+Keycloak integration could be a really cool alternative to dbAuth for people that want to own their own auth but have more enterprise/SSO needs.