February 27, 2026 · Ben Smith

Hello World

What is Paylent, and why are we building it? A casual introduction to what we're working on.

So, what is Paylent?

The short version: it’s an auth provider. Think Auth0 or Stytch, but one you can actually self-host if you want to.

The longer version is a bit more interesting.

The problem

Every time you build a SaaS app, you end up building the same stuff. Login pages. Password hashing. OAuth flows. Roles and permissions. “Invite a teammate” emails. Session management. Token rotation. JWKS endpoints. The list goes on.

You can use one of the big auth providers, and they work well — until you need something they don’t support, or your bill starts looking like a mortgage payment, or you realize your entire user base is locked into someone else’s infrastructure.

You can build it yourself, and honestly that’s what most teams end up doing for at least some of it. But auth is one of those things where “mostly works” isn’t good enough. A subtle bug in your token validation or a missing rate limit on your login endpoint can ruin your week.

What Paylent actually does

Paylent is a full OAuth 2.0 and OpenID Connect provider. It handles:

  • Authentication — passwords, social login (GitHub, Google, etc.), and the full OAuth2/OIDC protocol. Authorization code with PKCE, client credentials, refresh token rotation, the works.
  • User management — a dashboard and API for creating, editing, and managing users. Sessions, login history, all of it.
  • Roles and permissions — define permissions in a simple resource:action format, bundle them into roles, assign them to users or organization members.
  • Organizations — your users can create teams, invite members by email, and get org-specific roles. Organization context flows into access tokens automatically, so your API knows which team a user is acting for.
  • A full Management API — everything you can do in the dashboard, you can do via a JSON:API. Create users, assign roles, manage OAuth clients, rotate signing keys — all programmatically.
  • Environments — separate test and production environments with their own data, their own users, their own signing keys. Break things in test without worrying about prod.
  • Audit trail — every action logged with who did it, what changed, and field-level diffs.

Each of your projects gets its own tenant. Each tenant gets separate environments (dev, staging, production — whatever you need). Environments are fully isolated. Different subdomains, different signing keys, different everything.

Why we’re building it

We wanted something that’s standards-compliant (proper OAuth 2.0 and OIDC, not a proprietary auth API with OAuth bolted on), that gives you a real dashboard for day-to-day management, and that treats the API as a first-class citizen rather than an afterthought.

We also wanted something where you actually own your user data. No vendor lock-in, no surprises on your invoice when you hit 10,000 monthly active users.

What’s next

We’re working on more social connections, better webhook support, and some features around Actions — custom logic that runs during auth flows. We’ll write more about those as they ship.

If any of this sounds useful, give it a try. And if you have questions or feedback, we’d genuinely love to hear it.

Ben Smith

Founder

Founder of Paylent. Previously built auth systems at scale and got tired of rebuilding the same infrastructure for every project. Now building the identity platform he wished existed.