Warrant Reviews

Keycloak Reviews

Warrant mentions (21)

• A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev

  Warrant — Hosted enterprise-grade authorization and access control service for your apps. The free tier includes 1 million monthly API requests and 1,000 authz rules. - Source: dev.to / 4 months ago

• How Open ID Connect Works

  The specific challenge with authz in the app layer is that different apps can have different access models with varying complexity, especially the more granular you get (e.g. Implementing fine grained access to specific objects/resources - like Google Docs). Personally, I think a rebac (relationship/graph based) approach works best for apps because permissions in applications are mostly relational and/or... - Source: Hacker News / 5 months ago

• How to Do Authorization - A Decision Framework: Part 1

  Let's use warrant.dev as an example. The system provides a set of REST APIs for you to define object types and access policies (called warrants). The general process is first to create object types using HTTP POST:. - Source: dev.to / 6 months ago

• A guide to Auth & Access Control in web apps 🔐

  Https://warrant.dev/ (Provider) Relatively new authZ provider, they have a dashboard where you can manage your rules in a central location and then use them from multiple languages via their SDKs, even on the client to perform UI checks. Rules can also be managed programmatically via SDK. - Source: dev.to / 7 months ago

• Show HN: Open-Source, Google Zanzibar Inspired Authorization Service

  Hey HN, I recently shared my thoughts on why Google Zanzibar is a great solution for implementing authorization[1] and why we decided to build Warrant’s core authz service using key concepts from the Zanzibar paper. As I mentioned in the post, we recently open sourced the authz service powering our managed cloud service, Warrant Cloud[2], so I thought I’d share it with everyone here. Cheers! [1]... - Source: Hacker News / 11 months ago

Keycloak mentions (4)

• Beyond the login page

  Most of the time nowadays, I prefer offloading this to an identity provider, using OpenID Connect or soon Federated Credential Management (FedCM), even if that means shipping an identity provider as part of the deliverables (I generally go with Keycloak, with keycloak-config-cli to provision its configuration). I'm obviously biased though as I work in IT services, developping software mainly for... - Source: dev.to / 6 months ago

• Okta Says Hackers Stole Data for All Customer Support Users

  Yet another breach of Okta... Why are companies not running something like keycloak [1] themselves? Are administrative/maintenance costs too high or is it plausible deniability? [1] https://keycloak.org. - Source: Hacker News / 6 months ago

• I built a ready-to-use auth server with TypeScript and Express.js

  I'd stick with a solution like https://keycloak.org in that instance. Source: about 1 year ago

• Authelia is an open-source authentication/authorization server with 2FA/SSO

  A few more projects in this space: - Keycloak (you won't get fired for picking this)[0] - CloudFoundry's UAA[1] - Gluu [2] - Keratin [3] - OpenUnison [4] - Dex[5] - Netlify's GoTrue[6] All of these solutions are a bit different but here are some of the axes: - Whether or not they function as an OAuth provider - Whether they're centered around application-user-login (email + password) or application auth (OAuth) or... - Source: Hacker News / about 3 years ago