I don't think we're anywhere near the equivalent of any library or application being named starting with a J when it was written in Java - and not even actual words beginning with J - just slap a J at the start of any old name.

The benefit of this would be the community curation so that everyone benefits.

One could argue that you could treat those bookmarks as "personally curated search results"?

Totally agree. Back in 2004 I used it daily to bridge between two PCs running on one network, behind a firewall with one running the synergy server and the other the client, and a laptop running the client. Both PCs were under my desk with my laptop and two screens from the PCs on top. I had one keyboard and mouse across three screens powered by three computers and could seamlessly not only move my mouse across all 3, but also copy paste text across too. I believe a newer version (which may never have materialized before it went closed source) was going to have drag n drop across too. It was so easy to work with and remember it very fondly. It was magic stuff.

How about KeyCloak? We use it for OIDC and it's feature rich with support for private key signing and back channel logout.

https://www.keycloak.org/docs/latest/securing_apps/

I use keycloak, but it's Java and I need Go or better performance.

With the new UI mass admin tasks are no longer possible. At least version upgrades are better now.

Keycloak has no ed25519 support. Louketo proxy or whatever it's called nowadays only supports RS256, so I had to write my own OIDC middleware. At least they stopped generating UUIDv4 secrets.

Hydra is too complex.

Dex is too simple.

Identity Server lacks performance because C#.

Zitadel, heard but not tried yet. The keycloak vs zitadel page doesn't help. Is the Zitadel access token also jwt like in keycloak and included role membership?

I use a Vue client specifically for Keycloak. The generic openid-connect-client is unmaintained. The TS fork doesn't have a working, maintained, reactive implementation.

Why does OIDC have to be so complicated? I know why... so you, like with k8s, trust external, paid for (expensively), companies with your work and data.

The old "make it complicated so people would rather pay for our services".

Remember the story about the oauth1 creator quitting the oauth2 project?

https://www.wired.com/2012/07/developer-quits-oauth-2-0-spec...

Keycloak ed25519 issue https://github.com/keycloak/keycloak/issues/15714

> Zitadel, heard but not tried yet. The keycloak vs zitadel page doesn't help. Is the Zitadel access token also jwt like in keycloak and included role membership?

By default Zitadel uses opaque tokens but you can switch to JWT and use an piece of JS code (actions) to insert whatever claim you want into the tokens

Go or better performance so...C# or Java? :)

i think most people look at keycloak, and just feel overwhelmed, but that seems to be the case for OIDC in general, they always feel insanely heavy, something like this with a flatfile config and single file executable seems pretty amazing.

I always assumed you had to create/manage user credentials inside KeyCloak. I'll take a deeper look at the docs.

You can modify the login flow in Keycloak to make it more or less just pass through the credentials/claims, but that's not the default.

Maybe something like this: https://ultimatesecurity.pro/post/first-login-flow/

And it's also valid for UK postcodes to be reused, e.g. following demolition of the original buildings, e.g. tower blocks, the postcode may be deactivated for a period of time, then reactivated when new buildings elsewhere need a new postcode.