keycloak-restrict-client-auth VS authentik

Compare keycloak-restrict-client-auth vs authentik and see what are their differences.

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
keycloak-restrict-client-auth authentik
1 165
268 7,098
- 10.6%
8.4 10.0
13 days ago 2 days ago
Java Go
MIT License GNU General Public License v3.0 or later
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.


Posts with mentions or reviews of keycloak-restrict-client-auth. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-09-11.


Posts with mentions or reviews of authentik. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-04-14.
  • Show HN: Stack, the open-source Clerk/Firebase Auth alternative
    2 projects | | 14 Apr 2024
    If you're looking for a system that has more features, is user friendly, a nice admin ui and easy deployments compared to Keycloak. Please give a shot. Not affiliated in any way, just a very happy user.

    It has

    -an admin UI

    - Supports (LDAP, SAML, OAUTH, social logins)

    - MFA, Passkeys

    - Application access based on user groups etc

  • immich SSO with Authentik
    3 projects | | 3 Apr 2024
  • Show HN: Auth0 OSS alternative Ory Kratos now with passwordless and SMS support
    4 projects | | 22 Feb 2024
    Hey, for authentik this is actually something we're actively working on:, and this will be included in our next feature release in April!

    (Disclaimer, I am founder and CTO of authentik)

  • Keycloak SSO with Docker Compose and Nginx
    21 projects | | 11 Feb 2024
    See here for the fix, which both implements the workaround suggested in the issue and also a much more standard-compliant method:
  • Has anyone had any success setting Authentik up behind Caddy for a reverse proxy?
    2 projects | /r/selfhosted | 8 Dec 2023
    Ask in the correct places for support: and
  • Authentik setup via Portainer?
    1 project | /r/synology | 7 Dec 2023
    I've been searching around for a while now, and struggling with getting Authentik setup on my NAS. I'd like to deploy via Portainer, but getting lost in the documentation just to deploy.
  • Show HN: Obligator – An OpenID Connect server for self-hosters
    18 projects | | 11 Oct 2023
    Personally I went with Keycloak, because it's fairly well documented and also has Docker images available: although the fact that they want you to create an "optimized" image yourself and have a long build/setup process on startup instead is slightly annoying:

    Regardless, with something like mod_auth_openidc or another Relying Party implementation, all of the sudden authn/authz becomes easier to manage (you can literally get user information including roles in headers that are passed from your gateway/relying party to apps behind the reverse proxy), regardless of what you have actually running in your APIs: (there are other options, of course, but I went with that because I already use mod_md).

    It's actually cool that there are plentiful options in the space, since OIDC is pretty complex in of itself and attempts at creating something pleasant to actually use are always welcome, I've also heard good things about Authentik:

  • Issues with authentik
    1 project | /r/NixOS | 7 Jul 2023
    Hello ! I am hosting a server under NixOS with multiple services, and to simply the identity management, I use authentik ( which can be compared to keycloak. Everything works fine until I try to enable mastodon to host an instance : authentik returns an error 400 and nothing changes this but disabling mastodon. Does anyone have an idea of what could be the cause of this ?
  • HAProxy with Forward Auth to Authentik
    2 projects | /r/selfhosted | 7 Jul 2023
    For Authentik, it looks like they are not interested to write how to configure HAProxy with it
  • Authentik reverse proxy vs swag
    3 projects | /r/selfhosted | 7 Jul 2023

What are some alternatives?

When comparing keycloak-restrict-client-auth and authentik you can also consider the following projects:

ct-keycloak-iam - This project extends the Keycloak authentication server to cover complicated enterprise use cases such as multi-tenancy, custom storage, n-level resellers by extending Keycloak through its SPIs such as storage, authentication, and identity provider.

authelia - The Single Sign-On Multi-Factor portal for web apps

keycloak-email-link-auth - A Keycloak plugin to authenticate users using a link sent via email

Keycloak - Open Source Identity and Access Management For Modern Applications and Services

zitadel - ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era.

keycloak-home-idp-discovery - Keycloak: Home IdP Discovery - discover home identity provider or realm by email domain

keycloak-operator - ARCHIVED Kubernetes Operator for the no longer supported WildFly distribution of Keycloak

jellyfin-plugin-ldapauth - LDAP Authentication for Jellyfin

docker-swag - Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.

vouch-proxy - an SSO and OAuth / OIDC login solution for Nginx using the auth_request module