C# 15mo ago
GNUGradyn

❔ What to use instead of Keycloak for built-in auth?

I'm working on the backend for my app. The app was originally going to be a web app, so currently for auth I'm using Keycloak. Trouble is, the login screen has a "skip" button to use the app offline. I want this to work even if the user is not connected to the internet, so the login screen needs to actually be part of the app. I've successfully implemented this by using the password grant auth flow for signing in, and using the Keycloak admin API behind my API for things like verifying email and changing passwords. Problem is this is getting increasingly jank. For example, I can't figure out any way to implement 2FA, and the "change password" flow works by trying to issue a token with the "current password" the user provided, and then changing the password via the admin API if it succeeds. I know about IdentityServer4 but it sounds like it's abandoned. Security needs to be really good because my application stores very sensitive user info.
5 Replies
GNUGradyn OP 15mo ago
I'm not too familiar with the built-in identity provider in ASP.NET Core. Would that allow me to keep the login/password change/etc. forms in my native app?
I was able to get things working using the built-in identity provider, thanks.
FestivalDelGelato
Is it really worth changing the authentication/authorization system to find something that implements 2FA in a simpler way?
GNUGradyn OP 15mo ago
It's probably not a good idea to do jank workarounds when login is involved.
FestivalDelGelato
Well, that's why stuff like Keycloak was born.
Accord 15mo ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
