Lack of clarity in dealing with the different account management solutions

Questions

  1. Is it advisable for a mature organization with high customization needs in the account management area to already be on the new Declarative Account Management?

  2. When is Declarative Account Management scheduled to go live? How long should Legacy Account Management be supported and further developed after the declarative approach has gone live?

  3. Is the AccountRestService API intended for public use, and if not, should it receive an officially supported counterpart in the future?

  4. Is there a recommended way to extend the Legacy Account Management with an account deletion function?

Context

My organization is currently migrating several of its authentication services to Keycloak. Currently, I'm busy thinking about how to make account management as consistent and future-proof as possible.

From what I have found out so far, there are basically four possible solutions.

  1. customizing the Legacy Account Management Console
  2. using the Declarative User Profile
  3. implementing a custom client against the AccountRestService API
  4. implementing a custom client against a custom REST API

While we would like to see a standardized solution with as little custom development as possible, none of the first three solutions appear to be ready for full production at this time:

Legacy Account Management is in danger of being deprecated soon and does not seem to offer users the ability to delete their accounts on their own;

The Declarative User Profile is currently still a preview feature and the use of the AccountRestService is described in Internet blogs but does not seem to be officially supported.

As of today, the current documentation unfortunately does not make any completely conclusive statements about the roadmap for account management.

The Server Developer part does not mention the declarative approach. In addition, there are references to extending the themes of the Legacy Account Console, but no mention of the possibilities to make changes in the associated backend.

In the Server Administrator part of the documentation, on the one hand, it is recommended to start migrating to Declarative Account Management. Still, on the other hand, it is made clear that this is a preview feature.

I would be extremely grateful to get some clarity on this.

Many thanks to the Keycloak developers, the community and the excellent work you all are doing!

Desperate attempt to bring this topic (back) into the conversation!

This is a really great, comprehensive question. However, it probably needs one of the maintainers to answer it, and they are not really active here. I would recommend going to the Keycloak GitHub Discussions for roadmap, deprecation, support, etc. issues.
