
Simplifying auth and billing for SaaS projects

Every time I tried to build a SaaS, writing the authentication and billing code would take time. It got me wishing there was a tool that would handle it so I could launch a bit faster.

Sure, there are lots of options for authentication, and Stripe handles all the payment stuff, but it still takes some work to glue those parts together.

If you're like me, you probably end up building a very minimal version for the initial launch. That means having billing/auth code that lacks the features needed for higher priced "business" plans, like multiple users-per-account (aka teams), or Single Sign On (SSO) for "enterprise" plans.

So I decided to try and create a tool that would make this easier.

I ended up building an Identity Provider (like Netlify's GoTrue or Auth0) but specialized for SaaS. It runs on a subdomain right next to the main app, i.e., if the main app is at myapp.co, the IDP would be on the subdomain id.myapp.co.

What makes it special is that it integrates with the Stripe Subscription API. So all accounts get a Stripe Customer and Subscription associated with them during the signup flow.

To sign up, it's just a link: https://id.myapp.co/signup. That handles the OAuth/password/magic-link login and redirects the user to pay via Stripe Checkout.

Once paid, the account is activated and they are redirected back to the main site with a JWT token. The JWT token is tamper-proof and contains info about the account and even their Stripe Subscription & Customer IDs.

You can see an example JWT here: https://res.cloudinary.com/dzwnkx0mk/image/upload/v1654937082/1000experiments.dev/JSON-Web-Tokens-jwt-io_ycqfen.png

It also integrates with Stripe's billing portal; just add a link to https://id.myapp.co/account/portal.

A few more things about it:

  • It can deploy as cloud functions (Vercel, Netlify, AWS Lambda etc) or private/docker hosting
  • It supports multiple users-per-account, and multiple accounts-per-user (soon)
  • Open source
  • SSO and MFA are planned

I'm not really sure where this is headed, or if it will all work out, but I figured I'd share my progress so far.

Here is the experimental code: (not production ready)
https://github.com/joshnuss/idp-experiment

posted to Developers
on June 14, 2022

    This is actually a really interesting approach.

    One thing I’ve noticed when building SaaS projects is that auth and billing always look simple at the beginning, but once you start adding teams, subscriptions, plan upgrades, SSO, etc., the complexity grows really fast.

    Having an identity provider that sits on a subdomain and handles signup + Stripe + token issuance sounds like a clean separation of concerns.

    I also like the idea of including subscription information directly in the JWT so services can make decisions without constantly querying the billing system.

    Curious — did you design this mostly for single-app SaaS projects or do you see it working well in microservice setups too?
