Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it OK to use Keycloack as user database?

We are building an application using microservice approach and we'd like to use keycloack as our authentication / authorization service. Our application will require a lot of personal data from the user (addresses, telphones, different personal certificates, insurances etc.) and we need to store that - can/should we extend keycloack to be able to store all of these user data? What are the advantages / disadvantages of such approach?

If we keep all data in keycloack, is it ok if some of our microservices will query keycloack to get other users data? (e.g. Role "agent" user wants to checkout 10 most recent users and their submitted data) - or should we store just minimal data in keycloack and design a separated service for all user data?

like image 494
Przemyslaw Borkowski Avatar asked Jan 07 '19 14:01

Przemyslaw Borkowski


People also ask

Is Keycloak a database?

Keycloak uses a relational database management system (RDBMS) to persist some metadata about realms, clients, users, and so on.

Where does Keycloak store user data?

Keycloak stores by default the users data in its own database. But you can also connect to other data sources, if you already have some (legacy) stores or simply don't want to store your users data in Keycloak itself.


1 Answers

I would not use keycloak as database to store users' info.

Keycloak provides interfaces (https://www.keycloak.org/docs/latest/server_development/index.html#_user-storage-spi), you can easily make custom User storage SPI, which can connect to your application's database

Advantages are:

  • You can use mappers to map users attributes into users' tokens
  • You do not need to touch keycloak database (it should be used only by keycloak)
  • Scalability (for each realm, you can have different user storage SPI)
like image 193
BlackPearl Avatar answered Oct 03 '22 09:10

BlackPearl