3/16/2026 at 4:13:19 PM
I posted this because using an authorization server like OpenFGA creates a real issue: syncing authorization-related data.
There's identity data that needs to be synced (from an identity provider). This seemed like a cool open source solution for that. It's not enough, of course.
You also need to sync data between your application/domain and the authorization server to have accurate authorization decisions. But other than using the authorization server's SDK, I don't think there's a general solution to that problem.
Disclaimers: I have not used this software. I don't know if it is maintained. I also work for a company that has competitive offerings for both Keycloak and OpenFGA.
by mooreds
3/16/2026 at 5:49:58 PM
In your view why is using the AuthZ server SDK not a good solution - or maybe other way around, what would be a more general solution?
by MidnightRider39
3/16/2026 at 5:58:00 PM
I was more musing than anything else. I don't think application data is standardized enough to use a more general solution. This is true across all AuthZ servers; it's not an OpenFGA problem.
Maybe there's a mapping layer that is possible (similar to ETL) that moves it out of code into configuration? But I'm not sure.
by mooreds