Learn how WorkOS acts as an OAuth bridge that removes authentication complexity so you can focus on building your MCP server's core functionality.
If you’ve built a custom Identity Provider, you’ll need to implement SCIM client functionality yourself. This guide shows you how to build a standards-compliant SCIM 2.0 client that can provision users and groups using WorkOS as the SCIM service provider.
Product engineers don’t just write code, they own the whole delivery lifecycle.
Tired of bots wreaking havoc on your website? Learn how JavaScript tagging can help you track suspicious behavior and stop malicious activity in its tracks.
Learn why traditional database encryption just doesn’t cut it anymore and why application-level encryption is the real hero for data security.
Anthropic’s release of Claude Code, built on the 3.7 Sonnet model, marks a significant step in AI-assisted development.
Modern authentication flows use tokens to convey information about a user and whether that user is allowed to interact with specific resources.
FGA Playground, Notifications, and AuthKit with Laravel Cloud
In January 2025, the IETF published RFC 9700: Best Current Practice for OAuth 2.0 Security. We read it and summarized the best practices you should follow to keep your OAuth implementation safe.
Choosing between FGA and ABAC can be tricky, but it doesn’t have to be. In this article, we break down both models to help you decide which one works best for your needs.
Want to keep your JWTs safe from attackers? This guide covers the best practices for securely storing your tokens and ensuring your app's security.
Today, I want to share the emotional side of hitting PMF at WorkOS, plus some advice I’ve learned the hard way from growing the company to where it is today.
Learn how to enhance your API's security with granular permissions using OAuth scopes, allowing you to control access precisely and protect user data effectively. This guide covers the basics of OAuth scopes, implementing fine-grained permissions, and best practices for secure API management.
The “aud” claim tells the system which recipient the token is meant for.
Your auth system can issue a JWT with user details, enabling API routes to decode and use claims without extra queries.
Multiple customers, one software instance—sounds tricky, right? Find out how multi-tenancy ensures secure, separate access for everyone and why it matters.
OAuth 2.0 set the standard for delegated authorization, but OpenID Connect (OIDC) compliments this protocol by adding user authentication
API authentication ensures that only authorized requests access protected resources. It’s a mechanism for verifying credentials against predetermined rules to reject unauthorized traffic.
Our global team is growing and we’re hiring all types of roles.
WorkOS builds developer tools for quickly adding enterprise features to applications.
This site uses cookies to improve your experience. Please accept the use of cookies on this site. You can review our cookie policy here and our privacy policy here. If you choose to refuse, functionality of this site will be limited.
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)