Great question! Keycloak allows for some customization of the login page, but not to the degree that we wanted. Specifically, with Keycloak, you have to redirect to the login page running on their UI and that page is only configurable through adding themes. Since we already had a style defined with our previous auth0 work, we wanted to keep a login page that we can control.
Additionally, the architecture of Ory is microservices oriented vs. Keycloak’s large monolith. A microservice auth architecture means that updates to either platform can be done more easily which is important for managing API breaks. i.e. Kratos updates to new breaking API, no new security vulns found. Security researcher finds vuln in Hydra, Hydra patches that. We can just update Hydra to the security patch and delay our Kratos changes.
Finally, our product offers debugging of golang applications in prod (without recompiling code), so we slightly prefer go services so that we can use our own product.
Also from the repo of kratos:
> ORY Kratos is the first and only cloud native Identity and User Management System in the world. Finally, it is no longer necessary to implement a User Login process for the umpteenth time!
