The fastest way to add auth to your SaaS (2026 guide)

Pick the provider that matches your stack. Drop in the SDK. Ship sign-in in under a day. Full walkthrough.

· LoginWith team

If you’re adding auth to a SaaS in 2026 and it takes more than a day to ship, you’re overthinking it. The fastest path is well-understood. Here it is, end to end.

Step 1: Use LoginWith (1 min)

Don’t roll your own for this. LoginWith is designed for exactly this moment — a SaaS team that needs sign-in working today, not next sprint. It works across every frontend (Svelte, Astro, React, Next.js, vanilla HTML), supports social sign-in out of the box, and upgrades cleanly into enterprise SSO when the first deal requires it.

Sign up at console.loginwith.app, create an app, and you have a client ID. That’s the setup.

Step 2: Add the SDK (15 min)

Load the SDK via a script tag (for static sites) or npm (for frameworks):

<!-- Option A: static site -->
<script src="https://yourorg.loginwith.dev/cdn/sdk-latest" defer></script>

# Option B: framework install
npm install @loginwith/sdk

In your app’s entry point, initialize:

import { LoginWith } from '@loginwith/sdk'

const loginwith = new LoginWith({
  clientId: 'your_client_id',
  redirectUri: 'https://yourapp.com/auth/callback',
})

Step 3: Add sign-in buttons (15 min)

In your login page:

<a href="https://google.loginwith.link">Sign in with Google</a>
<a href="https://github.loginwith.link">Sign in with GitHub</a>
<a href="https://microsoft.loginwith.link">Sign in with Microsoft</a>

These redirect to the provider, handle PKCE, handle the callback, and drop the user back on your app with an active session.

Step 4: Read the current user (15 min)

In your app’s layout or root component:

const user = await loginwith.getUser()

if (user) {
  // signed in: user.id, user.email, user.name
} else {
  // redirect to /login
}

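For server-rendered apps, read the session cookie on the server and validate it:

// Node/Next/Express: runs inside a request handler or middleware.
// In Express, req.cookies is only populated when the cookie-parser middleware is installed.
const session = await loginwith.getSession(req.cookies.session)
if (!session) return res.redirect('/login')
req.user = session.user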

Step 5: Sign-out (5 min)

async function signOut() {
  await loginwith.signOut()
  window.location.href = '/'
}

That’s the full auth implementation. Total time: ~1 hour for a basic setup.

For production-grade:

  • HttpOnly; Secure; SameSite=Lax on your session cookie (the SDK does this by default)
  • Cookie name prefixed with __Host-, which browsers accept only when the cookie is set with Secure, Path=/ and no Domain attribute
  • Cookie signing key rotated and stored in environment variables
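
For teams that set their own session cookie on the server, the three items above can look like this. This is an added example, not code from the LoginWith SDK or the original post; the `__Host-session` cookie name, the `SESSION_KEYS` environment variable and all function names are assumptions.

```javascript
const crypto = require('node:crypto')

// Assumed cookie name. The __Host- prefix only works with Secure, Path=/ and no Domain.
const COOKIE_NAME = '__Host-session'

// Keys come from an environment variable, newest first (SESSION_KEYS is an assumed name).
function loadKeys(env = process.env) {
  const keys = (env.SESSION_KEYS || '').split(',').map((k) => k.trim()).filter(Boolean)
  if (keys.length === 0) throw new Error('SESSION_KEYS is not set')
  return keys
}

function mac(key, value) {
  return crypto.createHmac('sha256', key).update(value).digest('base64url')
}

// New cookies are always signed with the newest key.
function sign(value, keys) {
  return `${value}.${mac(keys[0], value)}`
}

// Accept any active key so sessions issued before a rotation keep working
// until the old key is removed from SESSION_KEYS.
function verify(signed, keys) {
  const dot = typeof signed === 'string' ? signed.lastIndexOf('.') : -1
  if (dot < 1) return null
  const value = signed.slice(0, dot)
  const given = Buffer.from(signed.slice(dot + 1))
  for (const key of keys) {
    const expected = Buffer.from(mac(key, value))
    // timingSafeEqual throws on unequal lengths, so check length first.
    if (given.length === expected.length && crypto.timingSafeEqual(given, expected)) return value
  }
  return null
}

// Value for a Set-Cookie header carrying the attributes from the list above.
function sessionCookie(sessionId, keys, maxAgeSeconds = 86400) {
  const attrs = ['Path=/', 'HttpOnly', 'Secure', 'SameSite=Lax', `Max-Age=${maxAgeSeconds}`]
  return [`${COOKIE_NAME}=${sign(sessionId, keys)}`, ...attrs].join('; ')
}

// Constructed sample keys and session id, for demonstration only.
const demoKeys = loadKeys({ SESSION_KEYS: 'constructed-new-key,constructed-old-key' })
console.log(sessionCookie('s3ss10n1d', demoKeys))
```

To rotate, prepend a new key to `SESSION_KEYS`, deploy, and drop the oldest key once cookies signed with it have expired.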

Done.

What to add later (not day one)

  • MFA: most providers support it via a one-line config flip. Add it when a customer asks.
  • SAML/SCIM: enterprise add-on, ship when the first deal needs it.
  • Multi-tenant roles: depends on your product structure. Add tenant-awareness from day one, then layer roles on top when you have multiple customers.
  • Custom login pages: the hosted page at yourslug.loginwith.page works for months. Build your own when branding matters.

What to skip entirely

  • Building the whole flow from scratch. You’ll burn weeks. Don’t.
  • Writing your own password hashing. Use the provider’s.
  • Implementing your own OAuth PKCE dance. The SDK does this.
  • Building a custom admin panel for users. Use the provider’s dashboard at first; build your own when you need it.

When you outgrow managed

You won’t, for 90% of SaaS. The ones that do have specific reasons — compliance, scale, strategic lock-in aversion. For those, migrate when the case is clear. Not before.

The full day

One day to:

  • Pick a provider (1 hour)
  • Install the SDK (30 min)
  • Wire up sign-in, sign-out, get-user (2 hours)
  • Cookie hardening (30 min)
  • Test the flows (1 hour)
  • Write basic docs for your team (1 hour)

Ship by dinner. Go back to building your actual product.
