
E-mail authentication
Open, Wishlist, Public

Description

Create a new authentication type which allows having a short session by opening a link sent by e-mail.
That improves security, because e-mails can already be used as a means of password recovery, and this authentication avoids forcing users to set passwords that are inconvenient to use.
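As an added illustration of the scheme the description asks for (example code written for this page, not Auth Grove's own implementation), the following sketches the server side of an e-mail login link: a random single-use token is issued, only its hash is stored with an expiry, and redeeming the link yields a short-lived session. The hostname, the 15-minute link lifetime, the one-hour session lifetime and the in-memory stores are assumptions standing in for the real configuration and database.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlparse

TOKEN_TTL = 15 * 60    # assumed policy: a login link is valid for 15 minutes
SESSION_TTL = 60 * 60  # assumed policy: the session opened by the link lasts one hour

# Constructed in-memory stores standing in for database tables.
pending_links = {}  # sha256(token) -> {"email": ..., "expires": ...}
sessions = {}       # session id    -> {"email": ..., "expires": ...}


def _now(now):
    return time.time() if now is None else now


def _token_hash(token):
    # Only the hash is persisted: a leaked table does not expose usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_link(email, now=None):
    """Create a single-use login link for `email` and return it (to be e-mailed)."""
    now = _now(now)
    token = secrets.token_urlsafe(32)  # 256 bits of randomness, unguessable
    pending_links[_token_hash(token)] = {"email": email, "expires": now + TOKEN_TTL}
    # Hypothetical hostname; the real link would point at the Auth Grove endpoint.
    return f"https://auth.example.invalid/login?token={token}"


def token_from_url(url):
    """Extract the token parameter from a login link."""
    values = parse_qs(urlparse(url).query).get("token", [])
    return values[0] if values else ""


def redeem_link(token, now=None):
    """Consume the link and open a short session; return its id, or None if refused."""
    now = _now(now)
    # pop() makes the link single-use: any attempt, valid or not, invalidates it.
    record = pending_links.pop(_token_hash(token), None)
    if record is None or now > record["expires"]:
        return None
    session_id = secrets.token_urlsafe(32)
    sessions[session_id] = {"email": record["email"], "expires": now + SESSION_TTL}
    return session_id


def session_email(session_id, now=None):
    """Return the e-mail bound to a live session, or None once it has expired."""
    now = _now(now)
    record = sessions.get(session_id)
    if record is None:
        return None
    if now > record["expires"]:
        sessions.pop(session_id, None)
        return None
    return record["email"]


if __name__ == "__main__":
    link = issue_link("alice@example.invalid")
    sid = redeem_link(token_from_url(link))
    print("session for:", session_email(sid))
    print("second use of the same link:", redeem_link(token_from_url(link)))
```

Because the token is looked up by its hash rather than compared byte by byte, no password-style verification happens on the server; the security of the scheme rests on the token's entropy, its short lifetime, its single use, and on the confidentiality of the user's mailbox, which is the same trust the password-recovery flow already places in it.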

Event Timeline

dereckson renamed this task from "email authentification" to "E-mail authentification". Jan 22 2016, 03:19

This is especially interesting as it's passwordless and so allows avoiding any credential in the db.

A recent post about that: Quincy Larson, https://www.freecodecamp.org/news/360-million-reasons-to-destroy-all-passwords-9a100b2b5001/#:~:text=Remember%20Myspace%3F,password%20combinations%20on%20other%20websites., Free Code Camp blog.

[ This task isn't in my immediate radar. ]

Development moratorium

Per T1771, we're currently considering implementing Keycloak as a reference identity management and SSO login product.

This product exposes LDAP, OIDC (OpenID Connect) and SAML capabilities to authenticate users and applications. It seems to solve our main problems.

From there, it's not clear what we do with Auth Grove:

  • Scenario A. We drop it, and as users we directly interact with Keycloak. Development is discontinued.
  • Scenario B. Auth Grove is morphed into a front-end to use Keycloak: we expose current information, and interact with the Keycloak API (through a generic set of classes to allow switching to another solution) to set credentials and metadata.
  • Scenario C. We use both Keycloak AND Auth Grove. We don't integrate with Keycloak at all, to stay independent and not vendor-locked.

While the T1771 evaluation is ongoing, a moratorium covers any development activities related to Auth Grove, with the obvious exception of security issues.
This moratorium covers this task fully or partly.