Event Publisher enables event integration between Keycloak and OpenFGA
mooreds
28 points
5 comments
March 16, 2026
Related Discussions
Found 5 related stories in 86.2ms across 8,358 title embeddings via pgvector HNSW
- What we learned building 100 API integrations with OpenCode rguldener · 25 pts · March 30, 2026 · 32% similar
- AGPLv3§74 Empowers Users to Thwart Badgeware Like OnlyOffice pabs3 · 19 pts · April 26, 2026 · 32% similar
- Donating Agent Payments Protocol to the Fido Alliance pentagrama · 12 pts · April 28, 2026 · 31% similar
- Friendica – A Decentralized Social Network janandonly · 141 pts · April 05, 2026 · 31% similar
- Flock Holding Closed Police Conference, Requires Police Consent for Marketing jhonovich · 51 pts · May 04, 2026 · 31% similar
Discussion Highlights (2 comments)
mooreds
I posted this because using an authorization server like OpenFGA creates a real issue: syncing authorization related data. There's identity data that needs to be synced (from an identity provider). This seemed like a cool open source solution for that. It's not enough, of course. You also need to sync data between your application/domain and the authorization server to have accurate authorization decisions. But other than using the authorization server's SDK, I don't think there's a general solution to that problem. Disclaimers: I have not used this software. I don't know if it is maintained. I also work for a company that has competitive offerings for both Keycloak and OpenFGA.
gebalamariusz
Overall, it's interesting. OIDC is probably the most common practice for inter-service authentication today. The problem is that in practice, I've seen many configurations where OIDC could be used as an attack vector (missing sub claim condition, which effectively allows any token to assume the role).