Keycloak seems to be one of the best open source solutions for adding authentication to applications and securing services with minimum fuss.
Below is a non-exhaustive list of the features it offers:
- User Registration
- Social login
- Single Sign-On/Sign-Off across all applications belonging to the same Realm
- 2-factor authentication
- LDAP integration
- Kerberos broker
It could be used to manage user authentication and permissions in swh-web, but also to secure other Software Heritage services.
As a first experiment, let's try to use it to implement user authentication and rate limit permissions in swh-web.