>> It embeds in your system, even if you stick to a standard like OIDC, and is difficult to switch from, especially at scale.
This is precisely why a real, Open Source solution should be a top priority feature for anyone evaluating software like this. We have seen closed source solutions, time and time again, "realign" their business by dropping features, or even entire, free plans. In some cases, closed source software has been removed from the market all together when the company gets bought out. Changes in pricing plans leads to a worse fit for customers... etc. At least when Hashicorp and Elastic abandoned Open Source, the community had the option to say "yeah, good luck, thanks for the good times, but no thanks on your new direction" and fork the product to continue maintaining it. When a closed source products owners decide to "shift gears" on the product line up, customers are left between a rock and a hard place. Maybe if there were no Open Source options, but fortunately, there are several in the auth space.
I've been thinking lately how important it is that software be not only open source, but simple enough to be forkable. The fact that Keycloak is open source almost seems irrelevant given how massive the codebase is.
This is precisely why a real, Open Source solution should be a top priority feature for anyone evaluating software like this. We have seen closed source solutions, time and time again, "realign" their business by dropping features, or even entire, free plans. In some cases, closed source software has been removed from the market all together when the company gets bought out. Changes in pricing plans leads to a worse fit for customers... etc. At least when Hashicorp and Elastic abandoned Open Source, the community had the option to say "yeah, good luck, thanks for the good times, but no thanks on your new direction" and fork the product to continue maintaining it. When a closed source products owners decide to "shift gears" on the product line up, customers are left between a rock and a hard place. Maybe if there were no Open Source options, but fortunately, there are several in the auth space.