Blog

Product
Mar 21, 2025

New widgets available for user profiles and organization switching

We just released four new widgets to make your life easier: user profile, user sessions, user security, and organization switcher. They are now available for free to all AuthKit customers.

Lucas Motta
Read more
Product
Mar 20, 2025

New enterprise login integrations in AuthKit

With AuthKit enterprise logins are now easier than ever. We are announcing the addition of key B2B login providers, like LinkedIn, Slack, Xero, and more, giving your users seamless access to your platform with the credentials they already use.

Cameron Matheson
Mar 20, 2025
Product
Mar 19, 2025

Custom Metadata, External ID, and JWT Templates

Expand your WorkOS integration by customizing attributes on users, orgs, and session tokens.

Maxwell Hammad
Mar 19, 2025
Categories
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Tutorials
May 15, 2025

How to sync users from Entra ID to your app using Node and WorkOS

Step-by-step tutorial that walks you through the necessary steps to add automated user provisioning to your app using SCIM, Entra ID, Node, and WorkOS, with just a few lines of code.

Maria Paktiti
May 15, 2025
News
May 14, 2025

OAuth 2.1: What’s new, what’s gone, and how to migrate securely

Learn what’s changed in OAuth 2.1, including the removal of implicit flow, mandatory PKCE, and modern refresh token strategies. This guide walks you through the security upgrades and offers a clear migration checklist to help you stay compliant and secure.

Maria Paktiti
May 14, 2025
Guides
May 13, 2025

Secure by design: How engineers should build and consume APIs

A practical guide to avoiding common pitfalls and implementing security best practices across both internal and third-party API integrations.

Maria Paktiti
May 13, 2025
Glossary
May 12, 2025

What is NIST and why should developers care?

What if the most practical security guidance didn’t come from a startup, but from a government agency? Read how NIST’s peer-reviewed frameworks are powering real-world security.

Maria Paktiti
May 12, 2025
News
May 8, 2025

Introducing RFC 9728: Say hello to standardized OAuth 2.0 resource metadata

OAuth 2.0 just got a major upgrade in how resources describe themselves — find out what RFC 9728 introduces and why it matters.

Maria Paktiti
May 8, 2025
Guides
May 2, 2025

Diagnosing SAML assertion failures: A step-by-step debugging guide

From expired assertions to signature fails — a survival guide for anyone who's ever screamed at a SAML error message.

Maria Paktiti
May 2, 2025
Guides
May 1, 2025

On-premises and hybrid authentication: Challenges and best practices

How to avoid common pitfalls and build resilient auth systems in on-prem and hybrid setups.

Maria Paktiti
May 1, 2025
Guides
Apr 30, 2025

The hidden pitfalls of SAML metadata: How to avoid downtime

Misconfigured SAML metadata is one of the most overlooked causes of SSO failures. Learn how to spot hidden risks—and fix them before they break your login flow.

Maria Paktiti
Apr 30, 2025
Product
Apr 30, 2025

April Updates

New this month: SSO Role Mapping, Schema-Based Policies, On-Prem Guides, and more

Conner Simmons
Apr 30, 2025
Guides
Apr 29, 2025

Mastra.ai Quickstart - How to build a TypeScript agent in 5 minutes or less

Mastra is a TypeScript framework for agentic apps. In this post, we'll use it to build an agentic app that can fetch data from GitHub in less than 5 minutes.

Zack Proser
Apr 29, 2025
Guides
Apr 28, 2025

oRPC: OpenAPI Remote Procedure Call for Type-Safe APIs

oRPC (OpenAPI Remote Procedure Call) combines the familiarity of RPC with the industry-standard OpenAPI spec so that every request/response is fully typed from client to server. 

Zack Proser
Apr 28, 2025
Guides
Apr 28, 2025

Best practices for MCP secrets management

Every outbound call from your MCP server carries credentials—API keys, database passwords, OAuth tokens, you name it. If those secrets leak, the blast radius extends far beyond your LLM demo. Learn to secure your MCP secrets.

Zack Proser
Apr 28, 2025
Engineering
Apr 28, 2025

DBConnection pooling deep dive

A deep dive on how pooled connections work in the Elixir DBConnection library.

William Huba
Apr 28, 2025
Engineering
Apr 28, 2025

In-Memory Distributed State with Delta CRDTs

How to utilize delta conflict-free replicated data types for managing distributed cache or configuration state on an Elixir cluster.

William Huba
Apr 28, 2025
Guides
Apr 23, 2025

Why your app needs refresh tokens—and how they work

Session management is hard. Refresh tokens make it easier—and safer. This guide breaks down how they work, why you need them, and how to avoid common mistakes (with code included).

Maria Paktiti
Apr 23, 2025
We’re hiring

Our global team is growing and we’re hiring all types of roles.

View open roles
About us

WorkOS builds developer tools for quickly adding enterprise features to applications.

Learn more

This site uses cookies to improve your experience. Please accept the use of cookies on this site. You can review our cookie policy here and our privacy policy here. If you choose to refuse, functionality of this site will be limited.