
Quite a confusing comparison, especially against Keycloak. From what I can tell the open source part doesn't seem to do anything Keycloak doesn't do, but many of Keycloak's features aren't on the list.

The chart also assumes you're using the hosted solution (as 2FA isn't even available on the open source version according to that same page). If that's the case, it should compare against any hosted Keycloak provider, because SLA and management are readily available. I suppose the table could also compare the open source versions, but that wouldn't be very advantageous to SuperTokens with major features still marked "coming soon".

I'm not sure why Keycloak wouldn't offer "UI and backend customisability". The theme guide shows quite a lot of customisation (https://www.keycloak.org/docs/latest/server_development/#the...) to the point where you can restructure the HTML itself.

One thing Keycloak lacks is an easy to use API, using complex OpenID/OAuth/etc. APIs and two language specific libraries instead. That seems like a much more sensible option to distinguish between these products. As someone currently using Keycloak (and not experiencing any problems with it after setup) this comparison just isn't very convincing.



If you ignore the subjective lines two and three of the comparison table, keycloak looks objectively better. And it has an Apache 2.0 license for the whole product.

Honestly, thanks for putting keycloak on my radar.

I see the supertokens team in this thread doing nothing to make me think that they intend to stop misleading people.


I'm happy with the way I've got Keycloak set up (especially the ability to simply throw Apache's OpenID Connect in front of arbitrary paths) but I do recommend also looking into alternatives. Keycloak is great for enterprise SSO setups where you need to authenticate to ten different services on ten different domains, but there are much simpler options out there if all you need is auth for a single website!

I imagine the biggest reason to go for Supertokens is the first-party SaaS support. If you want to outsource auth (like Auth0/Firebase Auth/etc. do) then I think there's something to be said for this project. The open source-ness doesn't add too much value in that use case, though.


Supertokens also allows you to implement enterprise SSO through their integration to SAML Jackson (by BoxyHQ).

https://boxyhq.com/guides/jackson/integrations/supertokens


And when you include Keycloakify[1] the UI customisability is a breeze. This comparison really isn't giving the full picture and capability of Keycloak.

[1] https://www.keycloakify.dev/


Right. Makes sense. I think what we had originally intended to communicate is the ease of customisability, in which case, we feel that Keycloak's UI customisation is more difficult to do.


Wow, this is pretty cool, thanks for linking this!



