If you are going to use Keycloak it's worth making sure their mental model matches your own. Specifically we had issues with our model of multi-tenancy, each in their own realm vs. the Keycloak idea of multiple tenants in a single realm. It caused some large performance and management issues.
Ory is really interesting but not, IMO, quite there yet. There are a bunch of Kratos features that aren't there but, once they are, I think it's a really compelling option.
We used ORY fosite to write our auth service, and I have so far really enjoyed working with the lib. Feels like they aren't as focused on external users of the fosite lib though so much as their hydra solution which consumes it. The overall ORY ecosystem seems nice though, though I have not delved into it in detail past fosite.
If you're looking for the next generation of identity solutions, https://magic.link is what everyone would need: it provides decentralised identity, fair pricing and no vendor lock-in.
I hate this magic link flow. It's a major pain in my ass when I already have a password manager that knows how to log in. Now I have to leave my browser and go to my e-mail client that will open a new tab even though I already have one open.
It is about time for a new generation of identity systems in my opinion. This acquisition shows the risk of centralized, vendor locked-in services.