How does it compare to Hydra/Dex? What I'm missing is a page that tells me where it sits in the ecosystem. A versus page if you will.
Today I was evaluating what I we should use for something like this, a unified Facade with an API.
We evaluated Traefik and Kong. Decision was for Kong, since we need more features like auth, logging, rate limit.
This looks pretty reasonable! I would love to see a Cloud Storage backend. A minor quibble is that I think that managing your own metrics in Redis is probably not the simplest or most flexible approach - instead, you should consider exposing a /metrics endpoint that can be ingested by the user's monitoring tool of choice (Prometheus/InfluxDB/etc).
Am I missing something, or does this really have no support for TOTP/HOTP? An authentication system without 2FA or U2F support in 2017 seems... lacking (or unfinished).
How does AuthN compare to Keycloak?
the toplevel links (implementation / deployment / configuration) don't work for me, they go to say
/keratin/authn-server/docs/config.md
which is a 404 presumably instead of
/keratin/authn-server/blob/master/docs/config.md
Has Keratin gone through any security research / penetration testing?
Is SAML supported and if not is it planned in the near future ?
Is there an API client for this in Go?
It's just name/pass
It would be much more interesting to me if it also did Oauth2 login with Google/Facebook/Twitter/etc.
almost no test coverage. did i miss them ? for proper use in production you would need to have hundreds of unittests and a whole bunch of component + integration and e2e tests.
"Microservices perform better, especially when written in Go."
Nonsense.
We're currently using this as our auth layer for https://empatico.org, so it's production ready!