This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2022-07-14
I’m writing a new SaaS payroll platform, providing access to a web frontend but also a paid API. What is your recommendation regarding Identity and Access Management? I’ve been looking at Keycloak, which seems to be a common choice, but there are also new players like https://ory.sh, which are appealing due to their lightweight approach, but unfortunately without Java/Clojure support. I’d appreciate any feedback and opinions!
Do you want to run your own, or is a Cloud provider also an option?
The new Keycloak is running on Quarkus instead of Wildfly, and therefore more lightweight. We evaluated using it, but we were concerned about properly securing the user data on our server and opted for Auth0 instead
Adding onto Auth0, its seemingly steep price pays off over the longer run in my experience.
Try to avoid running your own at all costs! In the long run the costs for maintaining it will be greater than just paying for a service.
Look into AWS Cognito if you are off-put by Auth0 pricing but be prepared to spend some time on it.
There is #web-security, where you could hit a better audience for your question. Also, I'd recommend the episodes with @U07QKGF9P on the ClojureScript podcast, there is something on identity management there, and I do remember him recommending AWS Cognito.
FWIW we're currently running “our own” identity management, using various Clojure libs like friend. What we've found is that as a first step we want to create a very clear boundary in our code between what's generic IM and what's our provisioning logic, since the first could be replaced by keycloak/cognito, whereas the second can not.
We use either AWS Cognito or Keycloak depending on several factors: Cloud vs On-premises, custom UI, etc.
@U0N9SJHCH I was hoping to be able to run my own to keep the cost low. As a database I’d use managed PostgreSQL, assuming user data is properly secured there 😉
Actually now looking at the Auth0 pricing it does not seem so steep at all, I guess I’ll check out the free plan with 7k MAU, that should be good for now 🙂
We use it and still have not paid a single dollar to them, yet 😄 If you need advice integrating your backend or a Clojure SPA with it, feel free to reach out, there is not a lot of info out there
Also: The DB for Keycloak is no security concern to me, I am more afraid of people accessing the data through the Software Layer. The maintenance can become quite expensive here, if there is a critical vulnerability concerned. And if there is no solution, yet, to work around the vulnerability, you’d have to switch your app off entirely, and that’s expensive 😉
My perspective more from the infra side with Keycloak is that it's quite the headache when doing an upgrade/maintenance, especially the many many emails of planned schedules and upgrades at weird times of night 😕 Auth0 is like a lifesaver. Literally.
Also note that as a SaaS provider you'll run into all kinds of weird and wonderful OIDC/OAuth impls with different quirks and settings needed to make them work.
Last time I looked at Auth0 it let you pass arbitrary JS code into a text area to deal with these situations. Not my kind of fun :)
A little bit late to the party, my experience of running authn/authz with Keycloak is quite good for the moment:
• Running Keycloak on Kubernetes + postgres in a cloud provider is easy. The upgrade sometimes needs downtime but few minutes and for major release. The deployment model can fit one Keycloak for all the non-prod environments with realm as the isolation mechanism.
• The provisioning can be the real culprit, but I wrote https://github.com/jgrodziski/keycloak-clojure especially to solve that problem. With it you can declare your conf and users and a reconciliation process can be triggered to reliably synchronize the Keycloak instance (with retry with exponential backoff, etc.). Of course the first thing for good evolvability is to never conflate a User (Keycloak’s concept of an identity) with an Account (all other things related to that identity), that’s two different bounded contexts if I adopt the DDD’s vocabulary.
• For the security side it’s difficult to trust 100% a provider but Keycloak being widely used and open, the vulnerabilities are quickly discovered and solved. The Financial Grade API reassures me about the security level (and Keycloak is commonly used within banks).
I am currently not grokking why there is IReduce and IReduceInit. iirc one of them only exists for backwards compatibility or something?
Hah. https://clojurians.slack.com/archives/C06E3HYPR/p1498773329665422 https://github.com/clojure/clojure/commit/e45e47882597359aa2adce9f244ecdba730e6c76
Need some help with Java MIDI, I decided to take clojure-sound for a spin but I have a Java issue where the MIDI playback just stops after the first note. My google-fu couldn't beat this problem. Ubuntu 22, tested on JVM 15 and 17
This example just freezes
```java
import javax.sound.midi.*;
import java.io.File;

public class Player {
    public static void main(String[] args) {
        Player p = new Player();
        p.play();
    }

    public void play() {
        try {
            Sequencer player = MidiSystem.getSequencer();
            player.open();
            Sequence s = MidiSystem.getSequence(new File("./maple.mid"));
            player.setSequence(s);
            player.start();
        }
        catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```
I have no idea what it is but what happens when you try to play a random file instead of mid? Maybe it doesn't crash as well? What about a nonexistent file?
If you can share the file here, I’d be happy to try and reproduce the issue
@U0N9SJHCH https://github.com/uncomplicate/clojure-sound/blob/master/test/resources/maple.mid
Works for me on Mac M1 with 17.0.1-tem
What does player.getDeviceInfo() output for you?
Am afraid so, MIDI can be fickle, especially on Linux
Imagine getting a better life because of some stupid hacker hacking twitter...
It's back. Better life is cancelled again!
Did they pull themselves off the internet like Facebook did a while ago?
So, about Google's Guava library, does anyone know if it performs better than Java's standard libraries?
I didn't use it too much but from what I understand it's a wrapper on top of Java's standard library. And if they create data structures then you should look at the particular data structure and not the whole. So for me it seems that the most performance can be gained in writing the code (compared to writing Java) and not running it (i.e. it's a syntax sugar library). But you already use Clojure so you probably don't need Guava. Also I think that languages like Kotlin somewhat deprecate Guava as you can have better defaults. IMO Guava is a "better defaults" library. But being "better" is a subjective thing.
Thanks for the comprehensive answer. The reason why I asked that is because I wondered if Guava is for Java what Closure Library is for JavaScript. After reading your reply, I guess they have different scopes.
I like to think of Guava being to Java what Boost is to C++, not a perfect analogy but considering Boost offers more-sane alternatives to std
I’ve used Guava’s graph library from Clojure in the past too, doing some compare and contrast with Loom. Like most Google-built libraries, it doesn’t do a lot of reflection magic like Spring so it’s more amenable to interop with other JVM languages
none at all, started wondering if it'd be for Java what Closure Library is for JavaScript. I think, now, that they have different scopes.