Skip to content
saas-core

Introduction

saas-core is a SaaS infrastructure kernel that integrates identity and commerce for your product suite. It is a single Node service that serves as the unified foundation for all your SaaS products.

What it solves

Section titled “What it solves”

Running multiple SaaS products means dealing with the same problems repeatedly:

  • Duplicate identity systems. Every product builds its own user table, login flow, session management. Users who sign up for Product A and Product B have no relationship between those identities.

  • No cross-product SSO. Products that belong to the same suite (e.g., Acme + Beta) should share a login session. Without a shared identity layer, this requires building a separate SSO gateway or accepting duplicate logins.

  • Fragmented subscription data. Each product integrates LemonSqueezy independently. There is no single source of truth for who bought what, across which product, and whether a subscription is still active.

  • No B2B organization model. Shared team accounts require organization models, member roles, and seat management — built from scratch per product.

saas-core solves all of these with a single service.

What it is

Section titled “What it is”
┌──────────────────────────────────────────────────────────────┐
│                      saas-core (single Node process)          │
│                                                               │
│   Identity Layer                                              │
│   ├── Better Auth            registration, login, session     │
│   ├── OAuth Provider         issue per-product JWTs           │
│   ├── SSO Groups             cross-product session sharing    │
│   └── Policy Engine          per-application account rules    │
│                                                               │
│   Commerce Layer (Phase 3)                                    │
│   ├── Product & Price        catalog per application          │
│   ├── Subscription           lifecycle management             │
│   └── Payment Adapters       LemonSqueezy, Apple IAP          │
└──────────────────────────────────────────────────────────────┘
           │ OAuth / JWKS                         │ webhooks
           ▼                                       ▼
   Your SaaS applications                  Payment gateways
   (Acme, Beta, niche, ...)             (LS, Apple)

What it is not

Section titled “What it is not”

saas-core is not a general-purpose identity platform. It does not serve external third parties, does not implement SAML or enterprise SSO, and does not replace specialized IdPs like Auth0 or Keycloak for those use cases. It is deliberately scoped to the product suite you control.

Who it serves

Section titled “Who it serves”

You operate multiple SaaS products and need a shared identity layer that:

  • Allows products in the same suite to share login sessions
  • Keeps independent products fully isolated
  • Ties subscription data to a single user identity
  • Is deployable as a single process without infrastructure complexity

Guiding principles

Section titled “Guiding principles”

Identity and commerce live in the same kernel, not separate services. For a solo operator, running multiple microservices (each with its own DB, deployment, and maintenance overhead) costs more than it saves. The module boundaries in the code become the split points when scale demands it.

The kernel answers only “who bought what.” It does not interpret entitlements. Translation of a SKU into feature access is the responsibility of each application. saas-core records that User X has an active subscription to tobby.pro.monthly. Whether that means 1000 AI calls or 50GB storage is Acme’s decision.