December Updates

Organization roles‍

You can now provision custom roles for specific organizations, offering more flexibility and granular access control compared to static, pre-defined roles.

Custom OAuth scopes‍

AuthKit now supports custom OAuth static scopes for both Google and Microsoft integrations. This allows you to request specific permissions when accessing user profile data from these providers. For instance, requesting access to read Google Calendar events or retrieve emails from a Microsoft account.

Accept invitation API‍

In addition to accepting invitation tokens via authenticateWithCode, you can now leverage a new API endpoint to accept invitations at any point within your application.

AuthKit role assignment via SSO‍

AuthKit now supports identity provider role assignment based on a user’s group memberships. For organizations with SSO connections, you can map group memberships to roles. A role received via SSO can be accessed on the user’s organization membership.

App logos in the Admin Portal‍

IT Admins can now easily download your application’s logo directly within the Admin Portal when configuring IdP-initiated SSO for popular providers. Simply upload your logo in the Branding settings of the WorkOS Dashboard to make it available.

Python AuthKit example app‍

We recently updated our Python SDK to include session helpers, which are showcased in a new example app. The app shows how to integrate AuthKit in Python with full session management. Using Python 3 and the Flask web server, it demonstrates how easy it is to add AuthKit to any Python app.

‍More featured content

• The complete guide to OAuth 2.0
• Seamless onboarding with the WorkOS Admin Portal
• SCIM best practices
• SSO best practices
• Common SAML security vulnerabilities and how to defend against them
• Why Google Zanzibar shines at building authorization
• How to build document access control with S3, WorkOS FGA, and Lambda authorizers
• Failed authentication events: use cases and how-to