Keycloak ended up being quite extensible and powerful, but the UI and data model both sometimes made things more difficult than they had to be... this could be an interesting project to look at.
One bonus (for us) for Keycloak was that it was JVM-based, meaning it was easier to integrate our existing JVM libraries. Though its use of Hibernate was frustrating at times, heh
Additional enterprise features that are not available in the open source version such as SCIM, SAML, organization login ("SSO"), CAPTCHAs and more
(i work for Ory as DevRel)
Their dynamic forms stuff is really cool too, always liked how they chose to go about that. Only complaint I really ever had is that while their docs were overall serviceable, I remember some areas were pretty lacking and I had to dig really far to find answers to some fairly common issues.
In the TypeScript ecosystem, I'd probably take a look at Better Auth though, as the developer experience is really great!
Note to self: if I ever need a retirement project, open sourcing a properly architected auth solution would be it.
caleblloyd•50m ago
One of my biggest complaints was that one of the Account Recovery flows was just an emailed 6-digit code. So a 1 in 1 million chance that somebody without access to any of your stuff could hack you by just hitting reset and guessing "123456". It's actually surprising how many other Account Recovery flows across the web I have noticed recently that do the same thing. Not sure if Ory has added the option for more entropy in this code as of today's release though it's been a while since I've used it.
Otherwise it was a great project to work with that has tons of knobs to customize. I commend the authors, aeneasr especially. It must be a ton of work to keep up with all of the auth standards and offer this in an Apache2 licensed package all while building a business around it as well!
fady0•37m ago
jdmoreira•12m ago