I’m looking to offload the security of my apps.
Recommended in this post on the Rust Reddit, I wonder if Keycloak is what I'm looking for.
My major use case is a SaaS/eCommerce app that has its own schema for users, where some users are staff and the others are shoppers.
My app provides a main Postgres DB, a schema per tenant, an auth_user table for staff, and customers for shoppers. Both have many more fields and stuff that is necessary, not just email/pwd.
I don’t need to give full flexibility to each tenant. Same config, same rules; I only need to keep the staff/shoppers separated. Then regular login/logout/change pwd/recover pwd, and then profiles, which could be made by me.
Plus, I need to authenticate utilities that run in the background, but I think this is easy.
So:
- It looks like I can use my own schema/tables per tenant using the User Storage SPI, but can I split the staff/shoppers?
- Is it necessary to create a new realm per tenant? Can I just have one and set the schema in Postgres in the SPI?
- Do I need to run an app process per tenant? I have read that Keycloak is heavy on resources. I was looking into https://www.ory.sh for the stated low resource usage, but it looks like they are hostile to making it easy to work with multi-tenants.