We are building an application using microservice approach and we'd like to use keycloack as our authentication / authorization service. Our application will require a lot of personal data from the user (addresses, telphones, different personal certificates, insurances etc.) and we need to store that - can/should we extend keycloack to be able to store all of these user data? What are the advantages / disadvantages of such approach?
If we keep all data in keycloack, is it ok if some of our microservices will query keycloack to get other users data? (e.g. Role "agent" user wants to checkout 10 most recent users and their submitted data) - or should we store just minimal data in keycloack and design a separated service for all user data?
Keycloak uses a relational database management system (RDBMS) to persist some metadata about realms, clients, users, and so on.
Keycloak stores by default the users data in its own database. But you can also connect to other data sources, if you already have some (legacy) stores or simply don't want to store your users data in Keycloak itself.
I would not use keycloak as database to store users' info.
Keycloak provides interfaces (https://www.keycloak.org/docs/latest/server_development/index.html#_user-storage-spi), you can easily make custom User storage SPI, which can connect to your application's database
Advantages are:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With