Keycloak

Fair

Agent Native Score

Free TierAPI Key AuthOpenAPI Spec

An open-source identity and access management (IAM) platform that provides single sign-on, user federation, and OAuth 2.0/OpenID Connect support. It enables secure authentication and authorization for applications and APIs.

Categories: Authentication · Identity_management · Authorization

#11 of 18 in Authentication · #5 of 7 in Authorization

Checklist Breakdown

13 of 33 checks passed. 14 unscored.

Discovery 63%

Can an agent find and understand this tool without a web search?

✓ Published OpenAPI/Swagger spec

✗ Has llms.txt or llms-full.txt

✗ Has an MCP server (official or well-maintained)

✗ MCP server listed in a public registry

✓ API reference docs are publicly accessible

✓ Docs include runnable code examples

✓ Has a public changelog or release notes

✓ Has a public status page

Auth & Onboarding 50%

Can an agent create an account and get credentials without human intervention?

✗ Signup does not require CAPTCHA

✗ Signup does not require phone verification

✓ Supports API key auth (not only OAuth)

✗ API key obtainable without manual approval

✓ No mandatory billing info to start

✓ Can sign up without creating an organization

Pricing 100%

Can an agent operate autonomously without upfront payment or contracts?

✓ Has a free tier

✓ Usage-based pricing available

✓ No minimum contract or commitment

✓ Pricing page is public (no 'contact sales')

✓ Free tier sufficient for testing (not just a trial)

Agent Tooling Not yet scored

How well does the API work for non-human consumers?

— SDK available in 2+ languages

— Structured error responses (JSON with error codes)

— Idempotency support on write endpoints

— Pagination on list endpoints

— Webhook/event support

— Sandbox or test mode available

— Rate limit headers in responses

— Consistent REST resource naming

Reliability Not yet scored

Does the tool fail gracefully when an agent makes a mistake?

— Meaningful error messages (not just 500)

— 429 responses include Retry-After header

— Documented uptime SLA (99.9%+)

— Graceful degradation under rate limits

— Request IDs in responses for debugging

— API versioning supported

Reviewer Notes

Keycloak excels in API design and reliability with comprehensive OpenAPI specs and Admin REST APIs suitable for programmatic access. Discovery is solid through documentation but lacks an MCP server or llms.txt. The major weakness for autonomous agents is account/realm creation—agents cannot self-provision without pre-configured admin access; new user registration typically requires human approval or email verification. The free open-source model is excellent, but operational complexity (requires self-hosting) and authentication setup overhead limit pure agent autonomy. Best suited for agents operating within already-configured Keycloak instances rather than bootstrapping from scratch.

Keycloak

Let your agents find tools like Keycloak