I spent 3 years building a SaaS before getting my first customer. Was that a mistake?

For the past three years, I've been building a SaaS called BlitzWare completely on my own.

It's an authentication platform (similar to Auth0) that provides OAuth 2.0, user management, API authentication, customizable hosted authentication pages, analytics, MFA, RBAC, database connections, and more.

Looking back, I'm starting to question one of my biggest decisions.

I spent almost all of my time building the product.

I wanted it to be something I could genuinely be proud of before showing it to anyone. Every time I thought it was "ready," I'd find another feature I wanted to add, another edge case to handle, or another part of the user experience that I felt could be improved.

Now, after three years (building on and off because I am still studying), I finally have something that feels production-ready.

But I've realized that building the product is only half the challenge.

Now I have to figure out how to get people to actually discover it.

As a solo developer without a marketing budget, that's honestly the part that feels the most intimidating.

So I'd love to hear from other founders.

  • Did you build first and market later?
  • At what point did you start getting users?
  • If you were starting over today with no audience and almost no budget, how would you market a technical SaaS?

If anyone is curious, the project is here:
https://blitzware.xyz

I'm not really looking for customers with this post, I genuinely want to learn from people who've already been through this stage.

reddit.com
u/SkippnR6 — 8 days ago

Building an OAuth provider taught me authentication is far more complicated than I expected

After spending nearly 3 years building (on and off since I am doing this next to my studies) an authentication platform from scratch, I've gained a whole new appreciation for how difficult authentication really is.

What started as "I'll just implement OAuth login" turned into learning about:

  • OAuth 2.0
  • OpenID Connect
  • PKCE
  • Refresh token rotation
  • Secure account linking
  • Social login providers
  • MFA
  • Session management
  • Password reset security
  • Email verification
  • OAuth edge cases I never knew existed

The biggest lesson was that most of the complexity isn't getting login working, it's handling every unusual edge case securely.

Building this project also made me appreciate how much engineering goes into products like Auth0, Clerk, and FusionAuth.

The project is called BlitzWare, and the goal is to provide a developer-focused authentication platform that's easy to integrate while remaining highly customizable.

I'm not posting this as an advertisement as much as I'd love feedback from other developers who have implemented authentication before.

If you've built authentication yourself:

  • What was the hardest part?
  • What's one thing you wish existing providers did better?

I'd love to compare experiences and hear what problems you've run into.

reddit.com
u/SkippnR6 — 8 days ago

I spent 3 years building an Auth0 alternative as a solo developer

I've been working on a project called BlitzWare for the past tree years (on and off) alongside my studies, and it's finally at a point where I'm comfortable showing it to other developers.

The idea started because I was building small applications that I wanted to protect, but I never felt confident implementing authentication properly. At the same time, every solution I looked at had trade-offs I wasn't happy with; some became very expensive as projects grew, some were difficult to customize, and others felt more like black boxes than developer platforms.

So I decided to build my own.

BlitzWare is an OAuth 2.0 authorization/authentication platform with user management, social login, direct API authentication instead of OAuth 2.0, customizable authentication pages, analytics, and a focus on being developer-first.

Some things I've spent a lot of time building include:

  • OAuth 2.0
  • User management
  • MFA & RBAC support
  • License Key based auth and Device locking
  • Customizable authentication branding
  • API-first architecture
  • Detailed analytics
  • Database Connections
  • And much more

It has been one of the most technically challenging projects I've ever worked on. Authentication looks simple from the outside, but implementing it correctly is surprisingly complex.

I'd really appreciate honest feedback from other developers.

  • Does the product make sense?
  • Is there anything missing that would stop you from using it?
  • If you're currently using Auth0, Clerk, FusionAuth, Keycloak, or another provider, what is your biggest frustration?

Website: https://blitzware.xyz

I'm happy to answer any technical questions about the implementation as well.

reddit.com
u/SkippnR6 — 8 days ago