Keycloak open redirect: wildcard redirect URIs can be exploited to steal tokens

This page summarizes the projects mentioned and recommended in the original post on

Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
  • casdoor

    Discontinued An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA and RADIUS [Moved to:]

  • I'm using Casdoor: and glad to see it only has ~77,000 LOC according to the shared link.

    Keycloak was good but has too much legacy for 10+ years. Casdoor is pretty new and has become a good replacement for Keycloak for me with more functionalities.

  • Keycloak

    Open Source Identity and Access Management For Modern Applications and Services

  • > Keycloak was good but has too much legacy for 10+ years.

    I got curious, actually seems to check out and explains why it's so well documented (but also complex and oftentimes confusing):

    > The first production release of Keycloak was in September 2014, with development having started about a year earlier.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts