#off-topic
2021-03-31
marciol 00:03:52

About Basic Auth vs OAuth @stefan.van.den.oord and @dharrigan: I worked at a local payments provider in Brazil, similar to Stripe (we were inspired a lot by their APIs), and we also just chose basic auth for authentication. We never experienced any issue in two years of operation.

marciol 00:03:36

But there we were a focused team with a very strong DevOps practice. At the company where I currently work, there is an info security staff that would never approve such an approach.

gklijs 03:03:01

I would rather stay away from Keycloak. It depends on your setup. But because they use the database to sync things, combined with a 'slow' database, it was quickly failing in our case.

👍 3
Dimitar Uzunov 12:03:27

My experience with Keycloak is that it comes with lots of operational overhead. It is a complicated beast, and it is very likely YAGNI and it will still miss features. Although if you are willing to invest a lot of effort in operating Keycloak (like a single big installation), it might be a good option.

gklijs 14:03:57

Yes, might be. In our case it’s ‘run’ by another team. But they don’t really know Keycloak. A single big installation with a good failover strategy might work better than 3 instances with a load balancer.