Ask HN: How are you implementing membership/auth for your SaaS or other project?

  • One approach:

    There are skeleton projects for each framework (Django, Node, etc.) that will take care of all this. One-time fee. You'll have to maintain it. But it's great to get started.

    Basically, search for "saas boilerplate" or "saas skeleton".

  • I do session-based authentication via my API server. You can implement this in quite a few ways, but I think Redis is pretty common for the speed. I think there are libraries in most languages that should implement this in some way or another, but it isn't too hard to do by yourself either.

    JWT also works very well if you don't need the ability to immediately revoke access, since in an efficient JWT implementation, you'd only be refreshing the token at specific intervals.

    I also have a couple of flows set up to authenticate users via the Facebook and Google OAuth APIs, tying them to my own users' accounts.
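
The trade-off described in the comment above, as an added example that is not part of the original comment: a server-side session can be revoked immediately, while a signed token stays valid until its expiry. The in-memory dict standing in for Redis, the demo key and all function names are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # constructed demo signing key
SESSIONS = {}                     # in-memory stand-in for Redis: sid -> (user, expiry)

def _clock(now):
    return time.time() if now is None else now

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def session_login(user, ttl=3600, now=None):
    sid = secrets.token_urlsafe(32)  # opaque random id; all state stays server-side
    SESSIONS[sid] = (user, _clock(now) + ttl)
    return sid

def session_user(sid, now=None):
    user, expiry = SESSIONS.get(sid, (None, 0))
    return user if _clock(now) < expiry else None

def session_revoke(sid):
    SESSIONS.pop(sid, None)  # takes effect on the very next request

def token_issue(user, ttl=300, now=None):
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": user, "exp": int(_clock(now) + ttl)}).encode())
    return f"{header}.{claims}.{_b64(_sign(header + '.' + claims))}"

def token_user(token, now=None):
    # Stateless check: signature and expiry only; HS256 is pinned server-side
    # and the header's "alg" is never consulted.
    try:
        header, claims, sig = token.split(".")
        if not hmac.compare_digest(_unb64(sig), _sign(f"{header}.{claims}")):
            return None
        data = json.loads(_unb64(claims))
        return data["sub"] if _clock(now) < data["exp"] else None
    except (ValueError, KeyError, TypeError):
        return None
```

Nothing in `token_user` consults server state, so a leaked or logged-out token is accepted until `exp` passes; a short `ttl` bounds that window.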

  • Stripe Billing handles subscriptions and renewals. From there you’re just a few webhooks away from tying that with whatever auth solution you go with.

  • We use Chargify for handling subscription signups and taking money. It connects with Auth0 for our user authentication and management. They're both inexpensive and you can set them up by yourself.

  • Check out https://github.com/saasform/saasform

    (I'm a co-founder, feel free to reach out directly.)

  • Firebase Auth is my go-to, but I don't consider myself an expert as I only work with TypeScript and React/Next.js. I still have to do some hands-on work managing the user session, and relating users to other related records in Firestore. And their prebuilt UI components can be problematic. And of course I have to keep user data in sync with payment state by handling Stripe events.

    I'd love to find something even more hands-off for my next project...

  • I have a side project successfully utilising Firebase auth. But do understand that this is a “sticky” approach. Moving away (for whatever reasons) is difficult. You want to have a clear migration strategy if you opt for a 3rd-party auth mechanism. You don’t want a vendor owning your customers. I have heard of Auth0 and would recommend exploring it for the reason that OAuth-based approaches will provide you decent portability.

  • Very interested in this. I’ve written this in multiple projects. Have always thought it’d be cool to extract out but never got to.

    I’ve used Auth0 before. It was way easier to understand than Okta.

    Why do you think your site would be too complex?

  • Laravel Spark is something I'm using but not actively charging for.

    You need customers for that

  • Mostly Flask with helper packages. But also userbase.com for howsyourblank.com and just a phone number for textpost.me :)

  • https://memberstack.webflow.io/

  • Flask with JWT, Stripe for bills

  • Firebase for the auth