This morning started with coffee and a gnarly refresh token bug that only showed up when switching browsers mid-session. Feels like Schrödinger’s session state — alive AND expired if you look at it from Safari instead of Chrome.
We dug into session propagation behavior across idle timeouts and finally cracked a reliable patch. The side effect? I now know more about localStorage quirks than I ever wanted to. Worth it though — stabilization is noticeably better. Two alpha users who had flaky SSO reported smooth logins later in the day. Small win, big sigh of relief.
Also shipped some updates to the Integration Lab. It’s still rough around the edges — no real-time logs yet — but closer to the “works out of the box” experience we want. Pairing with the eng team later this week to wrap native error traces. Devs shouldn’t have to guess what failed and where.
Made progress on the product narrative, too. We’re starting to lean toward this:
“An identity toolkit designed for fast-moving SaaS teams who hate wasting time on auth.”
Yeah, it still needs polish. But it's more promising than yesterday’s tagline draft, which somehow managed to include the word "synergy." Big yikes.
One personal frustration: I’m juggling way too many half-decisions. Today I wrote down one rule:
“Decide once, move on.”
We’re setting the feature-complete scope for the developer preview and freezing it. No more scope-creep gremlins. What’s in stays in. What’s out… ships later.
I also spoke to two early users who gave honest, borderline painful feedback on the SAML sandbox timing out. One said: “It felt like solving a puzzle with a missing piece.” Ouch. But fair. I stayed up late sketching a draft of a new "Getting Started with SAML" guide. That launches next week.
Finally, started prep for upcoming investor convos. Not fundraising — yet — but we’re lining up metrics and integration stats to keep interest alive. One angel said our new onboarding flow shaved 40% off their setup time. That number goes on a slide, fast.
What I Learned Today:
How to Handle Refresh Tokens Across Browser Contexts
- Use httpOnly cookies for tokens whenever possible. Script can't read an HttpOnly cookie, so an XSS payload can't lift the token out of the page the way it can from localStorage, and the JS timing bugs around "is the token stored yet?" go away because the browser attaches it for you. Set Secure and SameSite on the same cookie.
- Detect idle sessions with a lightweight heartbeat API. Don't rely solely on expiration timestamps.
- Beware of session restoration: always replay the silent auth flow on tab restore or browser switch.
- Log everything. Session bugs are 90% invisible until it’s too late.
Tomorrow, the goal is clarity. If the dev preview isn’t excellent, it’s not ready. We’re close. Just not “show-it-to-your-best-friend” close.
Almost there.