Blog

Inside Claude Day at WorkOS: 39 teams, a one-day hackathon, and one rule — the non-engineer drives. Here's what we built and what we learned.

Build an authorization model your B2B app won't outgrow: how to go from flat roles to fine-grained, resource-scoped access control without a rewrite.

A developer's guide to Client-Initiated Backchannel Authentication (CIBA) for agentic systems.

User-scoped keys, org-scoped keys, and M2M applications cover most agent scenarios in B2B products, but the right choice depends on who the agent acts for, and how it runs.

How to give AI agents their own identity, scope what they can do, and defend your systems when they act autonomously.

How an AI operational finance startup went from founding to Vercel AI Accelerator winner without slowing down for enterprise auth.

Everything you need to know to implement and validate JWTs securely in PHP: from signing to verifying with JWKS, with code examples and best practices for both vanilla PHP and Laravel.

Seven errors that break Entra ID SAML SSO, and how to resolve them.

WorkOS designers use AI to prototype in production, explore wider solution spaces, and design for agents. Here's how our craft is changing.

A practical, security-first comparison of the two browser-delegated OAuth flows that CLIs use, with recommendations for laptops, headless servers, containers, and CI runners.

Implement OAuth 2.0 Device Code and PKCE flows in TypeScript, route users through Okta SSO, and pick the right pattern for headless and local environments, with WorkOS AuthKit.

How WorkOS uses AI-powered code generation to build and maintain SDKs across multiple languages from a single OpenAPI spec.

What to validate, what to avoid, and how to keep your tokens out of trouble.

In a chatbot, prompt injection produces a wrong answer. In an agentic system, it produces a wrong action.

The 2026 guide to SSO, SCIM, MCP, audit logs, RBAC, and the rest of the B2B SaaS enterprise readiness checklist.