If anyone of the team here would be interested in doing a little coding session with me around building a keycloak event listener that uses the spicedb java client to fill up a spicedb instance with users and adds them to groups while using the keycloak UI... I started a heavy WIP branch here:
https://github.com/DGuhr/keycloak-openfga-event-listener/tree/spicedb_exp and am more than happy to collaborate. - the branch is using the same principle as someone used for openFGA, i guess it'll become its own repo when i removed all the other stuff (see main branch readme for architecture overview). Imo it'd be nice to have such a connector, then you could e.g. connect keycloak to an ldap or identity provider, import the users and groups, and have the eventlistener emit events to
in case of user creation/update/deletion or group creation/update/deletion and then handle the permission system in spicedb while having a good migration path for all sorts of legacy databases and existing environments, as keycloak is good in integrating all of these. ^^