Unknown's avatar Pete 5:22 am on May 3, 2025  

Building a Universal Auth Middleware for SaaS: Solving the Fragmented Authentication Problem

The Problem: SaaS Authentication Fatigue

As someone who uses dozens of SaaS products daily, I’m frustrated by the inconsistent authentication options across platforms. Some support Google OAuth but not GitHub. Others offer SAML but only for enterprise plans. Many still rely solely on email/password. This fragmentation creates:

  • Security headaches – Maintaining different credentials everywhere
  • User experience nightmares – Constant password resets and auth flows
  • Admin overhead – Managing SSO across multiple providers

The Vision: A Universal Auth Middleware

I want to build a middleware server that sits between users and SaaS applications, handling authentication seamlessly. Here’s how it would work:

  1. You authenticate with the middleware using your preferred method (WebAuthn, GitHub OAuth, SAML, etc.)
  2. The middleware authenticates to the SaaS on your behalf using whatever method the SaaS requires
  3. You get access without worrying about the SaaS’s auth limitations

Key Features

  • Multi-protocol support: Accept modern auth (OIDC, WebAuthn) and convert to whatever backend needs
  • Credential mapping: Your GitHub identity becomes the right format for each SaaS
  • Centralized control: One place to manage all your SaaS access
  • Protocol translation: Turn your FIDO2 hardware key into OAuth tokens for services that don’t support WebAuthn

Why This Matters

  1. User Experience: Never see “sign in with Google” again when you prefer GitHub
  2. Security: Enforce consistent MFA policies across all services
  3. Privacy: Control what personal info gets shared with each SaaS
  4. Future-proofing: Add new auth methods once to the middleware, not across all services

Technical Approach

The initial architecture would include:

  • Auth protocol adapters (OAuth2, SAML, WebAuthn, etc.)
  • Credential mapping engine
  • Token translation layer
  • Policy engine for access control

Next Steps

I’m planning to:

  1. Build a prototype supporting 2-3 auth methods and 1-2 SaaS backends
  2. Open source the core components
  3. Create plugins for common SaaS platforms