Day 2: Kicking off Auth Service - Exploring Keycloak vs. Duende IdentityServer
In our journey to build a robust, secure, and scalable e-commerce platform (SmartKart) using .NET Core and Microservices, we are now diving into the Authentication and Authorization layer.
Why Start With AuthService?
Authentication is a cross-cutting concern and a foundational piece for secure APIs. Starting here ensures all downstream services follow a consistent security model.
What is Keycloak (in simple words)?
Keycloak is an open-source identity and access management tool.
Think of it as a central place where:
- Users register and log in
- Roles and permissions are managed
- Tokens (JWT) are issued for secure API access
And the best part? It already has all the features built-in: you don't have to code login pages, password management, token handling, etc., yourself!
Why We Chose Keycloak Over Other Options
As a .NET Core engineer, I evaluated a few options like:
- ASP.NET Identity + JWT (custom)
- Duende IdentityServer (formerly IdentityServer4)
- Keycloak
Here's why I picked Keycloak:
✔️ 1. Fully Open Source
No license needed for commercial use. Duende requires a paid license for most real-world projects.
✔️ 2. Feature-Rich, Out of the Box
Login UI, forgot password, role mapping, token issuance: all ready without writing extra code.
✔️ 3. Centralized User Management
You get a user-friendly admin panel to:
- Add/edit users
- Assign roles
- Configure clients/apps
✔️ 4. Standards-Based Protocols
Supports OAuth2.0, OpenID Connect, and even SAML, and works well with .NET Core's JWT middleware.
✔️ 5. Easy to Integrate with .NET Core
Though written in Java, it's protocol-based, so integration with .NET Core is seamless using:
- JWT Bearer Authentication
- OpenID Connect client libraries
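To make the JWT Bearer option concrete, here is an added example (not code from the original post) of an ASP.NET Core `Program.cs` that validates Keycloak-issued access tokens and maps Keycloak realm roles to .NET role claims. The realm URL, the `smartkart-api` audience, the `customer` role and the `/orders` endpoint are assumptions; the `Microsoft.AspNetCore.Authentication.JwtBearer` package is required.

```csharp
using System.Security.Claims;
using System.Text.Json;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Assumed realm URL: issuer and signing keys come from its OIDC discovery document.
        options.Authority = "https://keycloak.example.com/realms/smartkart";
        // Assumed audience: needs an audience mapper on the Keycloak client.
        options.Audience = "smartkart-api";
        options.RequireHttpsMetadata = true;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromSeconds(30), // default is 5 minutes
        };
        options.Events = new JwtBearerEvents
        {
            // Keycloak puts realm roles in a nested JSON claim: "realm_access": {"roles": [...]}.
            // Copy them into role claims so [Authorize(Roles = ...)] and RequireRole work.
            OnTokenValidated = ctx =>
            {
                var raw = ctx.Principal?.FindFirst("realm_access")?.Value;
                if (ctx.Principal?.Identity is not ClaimsIdentity id || string.IsNullOrEmpty(raw))
                    return Task.CompletedTask;
                using var doc = JsonDocument.Parse(raw);
                if (doc.RootElement.TryGetProperty("roles", out var roles)
                    && roles.ValueKind == JsonValueKind.Array)
                    foreach (var r in roles.EnumerateArray())
                        if (r.GetString() is { Length: > 0 } name)
                            id.AddClaim(new Claim(id.RoleClaimType, name));
                return Task.CompletedTask;
            },
        };
    });
builder.Services.AddAuthorization(o =>
    o.AddPolicy("CustomerOnly", p => p.RequireRole("customer")));

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/orders", () => "orders").RequireAuthorization("CustomerOnly");
app.Run();
```

Without the role mapping, a token carrying the `customer` realm role would still be rejected by the policy, because the middleware does not read roles out of the nested `realm_access` claim on its own.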
✔️ 6. Scalable & Cloud-Friendly
Supports Docker, Kubernetes, and clustering, which makes it ideal for microservices.
Summary Comparison Table:
Feature | Keycloak | Duende IdentityServer |
---|---|---|
Open Source (free to use) | ✔️ Yes | ❌ No (requires paid license) |
Admin UI for users/roles | ✔️ Built-in | ❌ Needs custom development |
Login/Register/Forgot UI | ✔️ Provided | ❌ Build yourself |
Protocol Support (OAuth2/OIDC) | ✔️ Yes | ✔️ Yes |
Easy .NET Core Integration | ✔️ Yes (via JWT/OIDC) | ✔️ Native |
Multi-tenant support | ✔️ Realms | ❌ Manual effort |