Overview

Keycloak

Stacks766

Followers1.3K

Votes102

ORY Hydra

Stacks25

Followers157

Votes8

GitHub Stars16.6K

Forks1.6K

Keycloak vs ORY Hydra: What are the differences?

Key Differences between Keycloak and ORY Hydra

Authentication and Authorization: Keycloak provides a comprehensive identity and access management solution, including authentication, authorization, and user management, while ORY Hydra specifically focuses on OAuth2 and OpenID Connect authorization. Keycloak offers a user-friendly interface for managing the complete lifecycle of users and their permissions, whereas ORY Hydra is more lightweight and designed to be integrated into existing systems.
Modularity and Extensibility: Keycloak is a monolithic solution that offers a wide range of features out-of-the-box, such as social login, single sign-on, and multi-factor authentication. On the other hand, ORY Hydra follows a modular approach, allowing developers to choose and integrate only the specific components they require, making it more lightweight and flexible.
Community and Support: Keycloak, backed by Red Hat, has a larger and more established community with extensive documentation and active user forums. This ensures better support and a wider range of available resources. ORY Hydra, although less popular, benefits from a rapidly growing community and provides help through their official documentation and GitHub repository.
Ease of Integration: Keycloak offers seamless integration with other Red Hat products, such as JBoss, and is optimized for Java-based applications. ORY Hydra, being language-agnostic, can be integrated into applications regardless of the programming language used. It provides APIs and SDKs in multiple programming languages, simplifying the integration process.
Scalability and Performance: Keycloak has been proven to handle large-scale deployments, making it suitable for enterprise-level applications. It provides features like clustering and load balancing for better performance and scalability. ORY Hydra, being more lightweight and modular, is also scalable but is typically used in scenarios that require less complexity and have lower resource demands.
Ecosystem and Integrations: Keycloak provides extensive integrations with various third-party services and protocols, making it easier to integrate with existing systems. It supports popular social login providers, like Google and Facebook, and protocols such as SAML and LDAP. ORY Hydra, on the other hand, has fewer integrations available but focuses solely on OAuth2 and OpenID Connect, making it a suitable choice for scenarios where these protocols are the main focus.

In Summary, Keycloak offers a comprehensive identity and access management solution with a user-friendly interface, extensive integrations, and strong community support. ORY Hydra, on the other hand, specializes in OAuth2 and OpenID Connect authorization, providing a modular and flexible solution suitable for specific use cases with its language-agnostic approach.

Advice on Keycloak, ORY Hydra

sindhujasrivastava

Jan 16, 2020

Needs advice

I am working on building a platform in my company that will provide a single sign on to all of the internal products to the customer. To do that we need to build an Authorisation server to comply with the OIDC protocol. Earlier we had built the Auth server using the Spring Security OAuth project but since in Spring Security 5.x it is no longer supported we are planning to get over with it as well. Below are the 2 options that I was considering to replace the Spring Auth Server. 1. Keycloak 2. Okta 3. Auth0 Please advise which one to use.

258k views258k

Comments

Detailed Comparison

Keycloak	ORY Hydra
It is an Open Source Identity and Access Management For Modern Applications and Services. It adds authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box.	It is a self-managed server that secures access to your applications and APIs with OAuth 2.0 and OpenID Connect. It is OpenID Connect Certified and optimized for latency, high throughput, and low resource consumption.
-	OAuth 2.0 Authorization Server;OpenID Connect certified;Flexible User Management;High Performance;Developer Friendly
Statistics
GitHub Stars -	GitHub Stars 16.6K
GitHub Forks -	GitHub Forks 1.6K
Stacks 766	Stacks 25
Followers 1.3K	Followers 157
Votes 102	Votes 8
Pros & Cons
Pros 33 It's a open source solution 24 Supports multiple identity provider 17 OpenID and SAML support 12 Easy customisation 10 JSON web token Cons 7 Okta 6 Poor client side documentation 5 Lack of Code examples for client side	Pros 4 Open-source 2 Scalable 2 Fully customizable
Integrations
No integrations available	ORY Kratos Docker Node.js JavaScript TypeScript Golang Ruby Python Java PHP

What are some alternatives to Keycloak, ORY Hydra?

Auth0

A set of unified APIs and tools that instantly enables Single Sign On and user management to all your applications.

Stormpath

Stormpath is an authentication and user management service that helps development teams quickly and securely build web and mobile applications and services.

Let's Encrypt

It is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).

Devise

Devise is a flexible authentication solution for Rails based on Warden

Firebase Authentication

It provides backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users to your app. It supports authentication using passwords, phone numbers, popular federated identity providers like Google,

Sqreen

Sqreen is a security platform that helps engineering team protect their web applications, API and micro-services in real-time. The solution installs with a simple application library and doesn't require engineering resources to operate. Security anomalies triggered are reported with technical context to help engineers fix the code. Ops team can assess the impact of attacks and monitor suspicious user accounts involved.

Instant 2FA

Add a powerful, simple and flexible 2FA verification view to your login flow, without making any DB changes and just 3 API calls.

Amazon Cognito

You can create unique identities for your users through a number of public login providers (Amazon, Facebook, and Google) and also support unauthenticated guests. You can save app data locally on users’ devices allowing your applications to work even when the devices are offline.

WorkOS

Start selling to enterprise customers with just a few lines of code.

OAuth.io

OAuth is a protocol that aimed to provide a single secure recipe to manage authorizations. It is now used by almost every web application. However, 30+ different implementations coexist. OAuth.io fixes this massive problem by acting as a universal adapter, thanks to a robust API. With OAuth.io integrating OAuth takes minutes instead of hours or days.