On February 14, πŸ’” the Keycloak team announced that they are deprecating most Keycloak adapters.

Keycloak twitter

This includes adapters for Spring Security and Spring Boot, which means that in the future the Keycloak team will no longer provide integration solutions for Spring Security and Spring Boot.

The Keycloak project is a powerful OIDC (an extension of OAuth2) authorization server, and not even just an authorization server. It provides a number of adapters to provide an integration solution for other ecologies, but as mentioned in the official Keycloak statement.

Keycloak adapters don’t get the love and attention they need πŸ’”.

The statement says that the Keycloak team will abandon most of the adapter maintenance and focus more on the Keycloak server itself. In addition, Keycloak’s will also provide guidance on security solutions for all types of applications and even adapter alternatives through a Getting Started Guide.

List of expiring adapters.

  • OpenID Connect Java adapters
  • OpenID Connect Node.js adapters
  • SAML Tomcat and Jetty adapters
  • OpenID Connect WildFly adapters
  • Spring Security 、Spring Boot adapters

There are of course a number of adapters that will continue to be maintained:

  • OpenID Connect client-side JavaScript adapter
  • SAML WildFly and servlet filter

Keycloak has also published a timeline for the expiration of the relevant adapters:

  • February 2022: Adapter is deprecated.
  • September 2022: adapter no longer released in major/minor versions.
  • December 2022: mini-adapter no longer released.

Keycloak is currently the most powerful OIDC server, but it is also more expensive to learn and has fewer tutorials. This is an important reason why its adapter has not become popular. The Spring ecosystem’s Spring Authorization Server is also gradually improving and will quickly fill this gap.

Reference https://mp.weixin.qq.com/s/TmOPdqVVRZd3YH4qZpC5qA