
I’m using Cognito. It was nasty to set up but (as you say) is good to keep everything with one vendor. I eventually set it up using CDK


I plan to move to Keycloak in the future though: better features and docs all around. Can still run that on AWS

Ahmed Hassan 07:04:00

There's a library named `keycloak-clojure` to wrap the Keycloak Java Adapter

Ahmed Hassan 07:04:01

How feasible is setting up Keycloak for a single developer, vs. using sessions and PostgreSQL tables for user's email/username, roles, hashed password and permissions? Using Buddy and Permissions ( for this purpose. I'm asking from the perspective of operational cost, complexity, barriers versus benefit.


I've not used keycloak with clojure before, but i've used it with a python webapp


i liked not having to worry about sessions, and getting to offload a lot of the security stuff to gatekeeper

Ahmed Hassan 08:04:10

How did you set up keycloak? Is it feasible to do it on the same machine, on the DO droplet on which the app is installed (with postgresql for app data)?


actually the nice part is more gatekeeper than keycloak! not sure if AWS has a similar setup, but the idea behind gatekeeper is that it takes client traffic like a reverse proxy, and only forwards it upstream if it passes validation


i set it up on another VM


if you set it up on the same machine, you'll have to deal with routing the client requests between keycloak and your app


the client will need to be redirected to keycloak, that's the way OAuth works

Ahmed Hassan 08:04:32

so request would go like nginx -> keycloak -> keycloak gatekeeper -> clojure app


nope, it'll be something like

nginx -> keycloak
gatekeeper -> clojure app


this isn't the python app, it's a quickstart that keycloak provided


i modified it to work in docker and added further instructions to make it a quicker quickstart


I used caddy to route between keycloak and the java app (this one doesn't use gatekeeper)


not sure if this is such a good idea for a production service though