Back in the day, when those of my generation were wild, young and free (I'm laughing), the first thing we had to think about whenever we wrote a web application was authentication.
Each time it was a bit of a struggle: prevent SQL injection and other kinds of attacks, store user profiles and properly hashed (not merely encrypted) passwords, decide which authentication cookie to use, and so on.
More often than not there was something that left us scratching our heads, and the amount of work grew further when our application had to accept external identities for its users, coming from Twitter, Facebook or Google for example.
The advent of those external, global identity providers, speaking standard protocols such as OAuth 2.0 for authorization and OpenID Connect (an authentication layer built on top of OAuth 2.0) for authentication, was a giant step forward: our application no longer had to store user passwords at all, to mention just one of the advantages.
Things got even better when identity provider platforms like Keycloak came into play: it turned out we could run our own identity provider inside our own infrastructure (on-premises or in the cloud), with full control over authentication and authorization policies, user profile storage and federation of external identities, all in one place and all built on the same open standards (OAuth 2.0, OpenID Connect, SAML 2.0).
What is more, integrating Keycloak's authentication and authorization into our applications takes as little as adding a dedicated connector (called an adapter) to the app, so that the redirects and token handling behind authentication are taken care of for us.