Building a Production-Grade SSO Platform on a $10 Server
In our last post, “Anatomy of a Bottleneck”, we walked through the technical adventure that is the process of optimization. We demonstrated how a monolithic Rust and SQLite service, through rigorous analysis and the application of first principles, could be tuned to handle a load equivalent to over 500,000 monthly active users on a tiny $10 server.
But performance in isolation is just a number. It’s a benchmark, a proof-of-concept. The real question is: what does it enable? What kind of robust, feature-rich application can be built upon such a lean and powerful foundation?
Today, we’re excited to answer that question by introducing the result of that effort: a complete, open-source, multi-tenant Single Sign-On (SSO) platform. We’ve moved from demonstrating an optimized engine to delivering the entire vehicle: a production-ready system designed to be a viable, self-hostable alternative to expensive commercial identity providers.
Beyond Performance
The performance optimizations we detailed previously were not an academic exercise; they were the necessary groundwork to support a rich and complex feature set without sacrificing the simplicity of the underlying architecture. This platform is more than just a login box. It’s a comprehensive identity management system for modern B2B2C applications.
Here are the core features we built on that high-performance bedrock:
Bring Your Own OAuth (BYOO): We empower your tenants to provide a completely white-labeled experience by connecting their own custom OAuth2 applications for providers like GitHub, Google, and Microsoft. All their secrets are securely encrypted at rest using AES-GCM.
Complete Platform Governance: A super-admin (Platform Owner) role provides a top-down view of the entire system, complete with an approval workflow for new organizations, tier management, and a platform-wide audit log for compliance.
Comprehensive Analytics Suite: The platform tracks detailed login, growth, and activity metrics, available both at the individual organization level and for the platform as a whole. This allows you to monitor user engagement, identify popular services, and track the health of your ecosystem.
Full Identity & End-User Management: Users can link and unlink multiple social accounts to a single profile, preventing account fragmentation. Organization admins have a dedicated interface to manage their own customers: viewing their subscriptions and linked identities, and even revoking all active sessions to enforce security policies.
Secure by Design: From the ground up, the system incorporates JWT-based sessions with server-side revocation, granular role-based access control (RBAC), and a secure Device Authorization Flow (RFC 8628) for authenticating CLIs and headless applications.
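For the BYOO secrets described above, this is one way AES-GCM encryption at rest can also bind each stored ciphertext to its tenant and provider, so a value copied into another tenant's row fails to decrypt. It is an added Node.js sketch, not the platform's Rust code; `sealSecret`, `openSecret`, the AAD layout and the nonce/tag/ciphertext column format are assumptions.

```javascript
// Added example: not the platform's code. Names and record layout are assumptions.
const crypto = require('crypto');

const NONCE_LEN = 12; // 96-bit nonce, the size GCM is designed around
const TAG_LEN = 16;   // 128-bit authentication tag

// Additional authenticated data: ties a ciphertext to the row it belongs to.
function aadFor(tenantId, provider) {
  return Buffer.from(JSON.stringify(['oauth-client-secret', tenantId, provider]), 'utf8');
}

// Returns nonce || tag || ciphertext as one base64 string for a single column.
function sealSecret(key, tenantId, provider, plaintext) {
  const nonce = crypto.randomBytes(NONCE_LEN); // fresh per encryption, never reused
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  cipher.setAAD(aadFor(tenantId, provider));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]).toString('base64');
}

// Throws if the key, the AAD or any byte of the stored blob does not match.
function openSecret(key, tenantId, provider, sealed) {
  const blob = Buffer.from(sealed, 'base64');
  if (blob.length < NONCE_LEN + TAG_LEN) throw new Error('sealed value too short');
  const nonce = blob.subarray(0, NONCE_LEN);
  const tag = blob.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const ct = blob.subarray(NONCE_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  decipher.setAAD(aadFor(tenantId, provider));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// True if the blob authenticates and decrypts for this tenant/provider, else false.
function opens(key, tenantId, provider, sealed) {
  try { openSecret(key, tenantId, provider, sealed); return true; } catch { return false; }
}

// Constructed sample data: a random key and a made-up client secret.
const demoKey = crypto.randomBytes(32);
const demoSealed = sealSecret(demoKey, 'tenant-a', 'github', 'constructed-client-secret');
console.log(openSecret(demoKey, 'tenant-a', 'github', demoSealed));
console.log(opens(demoKey, 'tenant-b', 'github', demoSealed));
```

In a deployment the 32-byte key would come from the environment or a secrets manager rather than being generated at startup, since a regenerated key makes every stored secret unreadable.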
The Architecture of Simplicity
The entire platform remains true to its monolithic roots, consisting of three core packages within a single repository. This unified structure simplifies development, testing, and deployment.
sso/
├── api/ # Rust (Axum) backend API
├── sso-sdk/ # TypeScript SDK for the API
└── web-client/ # Vue.js admin dashboard
The API is the high-performance Rust core we optimized. The SDK provides a strongly-typed, zero-dependency interface for any JavaScript application. And the Web Client serves as a complete, real-world example of that SDK in action, providing the administrative UI for the entire platform.
The Economics of Craftsmanship
In our previous article, we presented a cost comparison that highlighted the dramatic financial advantage of a well-tuned monolith. Now, with a full-featured product built on that monolith, the comparison is even more stark. Our platform doesn’t just match the core functionality of many commercial identity providers; it does so at a fraction of the operational cost.
Let’s revisit the cost for a business with 500,000 Monthly Active Users (MAU):
| Service | Estimated Monthly Cost at 500,000 MAU |
|---|---|
| Our Rust + SQLite Platform | ~$10 |
| Supabase / Firebase Auth | ~$1,350 |
| Clerk.dev (Pro Plan) | ~$10,000 |
| Auth0 / Okta (Professional / Custom) | ~$15,000+ |
This isn’t just a cost saving; it’s a strategic advantage. It’s over $100,000 per year that can be reinvested into product development, marketing, or hiring.
The conventional wisdom has been to trade cost for convenience, but we believe modern tooling and efficient stacks like Rust are shifting that calculus. When an AI-assisted development workflow can help you build and maintain a secure, high-performance system, the argument for paying a 1000x markup for a managed service becomes much harder to justify. This project is our answer to that new reality.
Get Started and See for Yourself
We believe the best way to understand the platform is to use it. The entire project is open-source and available today. We’ve included several runnable examples in the repository to demonstrate the key authentication flows with the SDK.
examples/sample-app: A Vue.js web app demonstrating the end-user redirect flow and the browser-based UI for activating a device.
examples/sample-byoo-cli: A Node.js CLI that uses the Device Authorization Flow, showing how a tenant’s own application would authenticate its users.
examples/sample-admin-cli: A CLI demonstrating the secure device flow for platform-level administrative tasks.
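The polling half of the Device Authorization Flow (RFC 8628, section 3.5) that a CLI like the ones above has to get right, shown as an added example that is not taken from the repository or its SDK. `nextStep`, `runDeviceFlow`, the scripted token endpoint and the sample response values are constructed for illustration, and time is simulated so it runs offline.

```javascript
// Added example, not the platform's SDK: RFC 8628 section 3.5 polling rules.
const DEVICE_GRANT = 'urn:ietf:params:oauth:grant-type:device_code';

// Form body a client posts to the token endpoint on every poll.
function tokenRequest(clientId, deviceCode) {
  return new URLSearchParams({
    grant_type: DEVICE_GRANT, device_code: deviceCode, client_id: clientId,
  }).toString();
}

// Given the current interval and one token-endpoint JSON body, decide the next step.
function nextStep(intervalSec, body) {
  if (typeof body.access_token === 'string') return { done: true, token: body.access_token };
  switch (body.error) {
    case 'authorization_pending': // user has not finished yet: keep the interval
      return { done: false, intervalSec };
    case 'slow_down':             // add 5 s for this and all later polls
      return { done: false, intervalSec: intervalSec + 5 };
    case 'access_denied':         // user refused the request
    case 'expired_token':         // device_code lifetime ran out
      return { done: true, error: body.error };
    default:                      // unknown errors are fatal, never retried blindly
      return { done: true, error: body.error || 'invalid_response' };
  }
}

// Drives the loop against poll(requestBody) on a virtual clock (seconds).
// A real CLI would sleep for intervalSec and POST the body instead.
function runDeviceFlow(auth, clientId, poll) {
  let intervalSec = auth.interval ?? 5; // RFC 8628 default when omitted
  let now = 0;
  const polledAt = [];
  while (now + intervalSec <= auth.expires_in) { // stop locally at expiry too
    now += intervalSec;                          // wait first, then poll
    polledAt.push(now);
    const step = nextStep(intervalSec, poll(tokenRequest(clientId, auth.device_code)));
    if (step.done) return { ...step, polledAt };
    intervalSec = step.intervalSec;
  }
  return { done: true, error: 'expired_token', polledAt };
}

// Constructed device authorization response and scripted token-endpoint replies.
const sampleAuth = { device_code: 'constructed-device-code', user_code: 'WDJB-MJHT',
  verification_uri: 'https://sso.example/activate', expires_in: 60, interval: 5 };
function scripted(bodies) { let i = 0; return () => bodies[Math.min(i++, bodies.length - 1)]; }
console.log(runDeviceFlow(sampleAuth, 'constructed-cli', scripted([{ error: 'slow_down' }, { access_token: 'constructed-token' }])));
```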
To get the full system running locally:
# 1. Run the backend API
cd sso/api
cp .env.example .env # Then fill in your secrets in .env before starting the stack
docker-compose up --build -d
# 2. Run the administrative web client
cd ../web-client
npm install
npm run dev # App available at http://localhost:5173
The Resurgence of the Well-Built Monolith
This journey has been a powerful confirmation of our core thesis: by investing in craftsmanship and choosing a modern, efficient stack, a small team can build systems that are not just performant, but economically transformative. This platform is a testament to the idea that simplicity, when paired with rigorous engineering, does not preclude scalability or feature-richness.
We invite you to explore the repository, run the examples, and see for yourself. This isn’t about nostalgia for monoliths; it’s about a future where control, performance, and economic sensibility are the ultimate competitive advantages.




