Everything you need to know to secure your MCP server using OAuth 2.1 and PKCE, server and auth metadata, client registration, JWT validation, and role-based access control.
By creating a central catalog of available servers, the MCP Registry has solved the discovery problem—but that's only half the equation. The real challenge lies in authentication.
42% of companies abandoned most AI initiatives in 2025, up from just 17% in 2024. After analyzing dozens of enterprise deployments, we found 4 patterns that separate winners from the graveyard of abandoned prototypes.
Twilio built a business model that started with individual developers and expanded into massive enterprise sales. Learn how they did it––and how you can too.
If you build it, they won't come. As a founder, it's your job to make the sales that fuel your company's growth––and that includes enterprise sales. Read this guide so you can land the big deals.
User provisioning and user deprovisioning is how you can enable system access to new employees and restrict access to departing employees. Learn how this can make you more efficient and secure.
RBAC and ABAC are the two most common access control models for system authorization. Understanding the differences between the two is key for choosing between RBAC vs. ABAC for your system.
Learn how magic links work from a technical, security, and UX perspective and why you should use them.
Last month, we held our WorkOS Fall Release! We debuted new features, gave product updates, launched our new docs site, and hosted a fireside chat with the CTO of Webflow.
The WorkOS style guide for technical content. Our descriptive guide to writing blogs, tutorials, and technical documentation for developers by a developer.
In this article, we’ll cover a baseline of authentication protocols: PAP, CHAP, and EAP. We’ll cover what the protocol is, give a detailed example, and talk through some of the weaknesses.
Learn how to build a webhook, send it from your app, manage authentication, handle security, and provide a smooth developer experience to your customers.
Last month, we held our first public event: the WorkOS Summer Release! Putting together a fully remote event as a fully remote team involved a lot of prep work.
Authentication and authorization are often interwined, but refer to completely different things. This post breaks down the difference and explores difference schemes for each.
Explore the history of authentication from where it started over 60 years ago to where things might be going.
For intrepid developers planning on homebrewing enterprise SAML SSO, here's a guide covering common SAML security vulnerabilities, footguns, and countermeasures.
How Dropbox built enterprise ready features like admin controls and integrations that let them close bigger, more impactful deals, move upmarket, and stay competitive.
Learn what audit logs are, the best practices for logging events, and why you should integrate your audit logs with SIEM tools.
Our global team is growing and we’re hiring all types of roles.
WorkOS builds developer tools for quickly adding enterprise features to applications.
This site uses cookies to improve your experience. Please accept the use of cookies on this site. You can review our cookie policy here and our privacy policy here. If you choose to refuse, functionality of this site will be limited.
.webp)
.webp)
.webp)
