About Basic Auth vs OAuth, @stefan.van.den.oord and @dharrigan: I worked at a local payments provider in Brazil, similar to Stripe (we took a lot of inspiration from their APIs), and we also just chose basic auth for authentication. We never experienced any issue in two years of operation.
But there we were a focused team with a very strong DevOps practice. At the company where I currently work, there is an info security staff that would never approve such an approach.
I would rather stay away from Keycloak. It depends on your setup. But because they use the database to sync things, combined with a 'slow' database, it was quickly failing in our case.
My experience with Keycloak is that it comes with lots of operational overhead. It is a complicated beast, and it is very likely YAGNI, and it will still miss features. Although if you are willing to invest a lot of effort in operating Keycloak (like a single big installation), it might be a good option.
Yes, might be. In our case it’s ‘run’ by another team. But they don’t really know Keycloak. A single big installation with a good failover strategy might work better than 3 instances with a load balancer.