Product Overview

Project Purpose

Optare is an enterprise-grade Single Sign-On (SSO) authentication platform that provides "Sign in with Optare" functionality similar to Clerk, Auth0, or Okta. It enables organizations to implement secure, multi-domain authentication with built-in product licensing and multi-tenancy support.

Value Proposition

Unified Authentication: Single sign-on across multiple domains and applications
Product Licensing: Seat-based license management for SaaS products
Enterprise Ready: RBAC, SAML/SCIM support, audit logging, and compliance features
Developer Friendly: OAuth 2.0 / OpenID Connect server with comprehensive APIs
Performance Optimized: Redis caching with 95% hit rate, under 10ms license checks

Key Features

Authentication & SSO

Multi-domain Single Sign-On with cross-domain token exchange
OAuth 2.0 and OpenID Connect server implementation
SAML SSO support for enterprise identity providers
SCIM provisioning for automated user management
Session versioning for forced logout on security events

Product Licensing

Seat-based license management with automatic tracking
Organization subscriptions with configurable seat limits
User product license assignments with status tracking
Race condition protection with database-level locking
Cache-first architecture for high-performance license checks

Enterprise Features

Role-Based Access Control (RBAC) with owner/admin/member/guest roles
Multi-tenancy with organization isolation
API key authentication for server-to-server communication
Rate limiting (100 req/min per API key, 1000 req/min per IP)
Comprehensive audit logging for compliance
Webhook system for real-time event notifications

Security

JWT tokens with RS256 signing (30-second expiration for token exchange)
API key hashing with SHA-256
PKCE support for OAuth authorization code flow
Refresh token rotation with revocation tracking
Session versioning for security-triggered logouts
Zero-downtime database migrations with CONCURRENTLY indexes

Developer Experience

Self-service customer portal for OAuth client management
Admin dashboard for user, organization, and product management
Automated setup script with JWT key generation
Database seeding for development and testing
Comprehensive API documentation

Developer Onboarding

Optare adopts a "First Principles" approach to onboarding, recognizing two distinct developer paths:

B2C (Consumer Apps):
- Goal: Speed, Conversion, Social Viral Loops.
- Flow: optare init -> Select "B2C" -> Auto-creates App + Enables Social Auth.
- Result: Ready for signIn() in seconds.
Enterprise (B2B SaaS):
- Goal: Multi-tenancy, Licensing, Control, Compliance.
- Flow: optare init -> Select "Enterprise" -> Auto-creates App + Product (for Licensing) + Enables SAML/RBAC.
- Result: Ready for createOrg() and assignLicense().

Domain

Production Domain: optare.one
Email Domain: noreply@optare.one
Admin Email: admin@optare.one

Target Users

Primary Users

SaaS Companies: Organizations building multi-product platforms requiring unified authentication
Enterprise IT Teams: Companies needing centralized identity management across applications
Platform Developers: Teams building "Sign in with X" functionality for their ecosystem

Use Cases

Multi-Product SaaS Platform: Single authentication system for CRM, Analytics, Admin Dashboard, etc.
Enterprise SSO: Centralized authentication for internal and external applications
Partner Ecosystem: Enable third-party applications to authenticate users via OAuth
White-Label Solutions: Provide authentication infrastructure for customer applications
Compliance Requirements: Organizations needing audit trails and access control

Technical Highlights

Built with Remix (React framework) for full-stack TypeScript development
Better Auth integration for authentication primitives
Drizzle ORM with PostgreSQL (Neon) for type-safe database operations
Redis caching for performance optimization
Vite for fast development and optimized production builds
Shadcn UI components with Tailwind CSS for modern interface

Tokens Explained Webhooks