You can theme the Keycloak UI to be similar to your app's one, particularly the login/registration screens so the user experience is very smooth.
But you can also define the user/account UI and logic in your app and just delegate the authn and authz data through the Keycloak APIs.
The second option seems interesting! Theming wouldn't help, my app is waaaay different from an old-style themed template (server-side rendering, client-side ClojureScript, websockets, etc).
I have the same setup (re-frame SPA, websocket, etc.), the only page that is themed with Keycloak is the login and password change page, everything else is handled by API calls.
I prefer to deal with account data and logic in a dedicated component that map with users stored in Keycloak. Even if you can associate custom attributes with user and groups, I don't think it's a good idea to do so (performance, separation of concerns, etc.).
For me Keycloak jobs is to handle authentication and authorization data and/or logic (authorization service is very well designed but a little bit complex), for simple use-case a role check in the application is enough.
> The second option seems interesting! Theming wouldn't help, my app is waaaay different from an old-style themed template (server-side rendering, client-side ClojureScript, websockets, etc).
Well, since we are talking SAML or OIDC here - you don't really have a choice for the login/registration. The IdP provides the login and registration pages, not your application. You are free to build your own account management page, but you still have to ask Keycloak for a token.
