A detailed glimpse at Project Horizon: an internal code factory at WorkOS.
Grant agents time-limited access to OAuth connections using Pipes and MCP.
Develop with WorkOS entirely from your terminal, with agent-ready tooling built in.
Learn why traditional database encryption just doesn’t cut it anymore and why application-level encryption is the real hero for data security.
Anthropic’s release of Claude Code, built on the 3.7 Sonnet model, marks a significant step in AI-assisted development.
Modern authentication flows use tokens to convey information about a user and whether that user is allowed to interact with specific resources.
FGA Playground, Notifications, and AuthKit with Laravel Cloud
In January 2025, the IETF published RFC 9700: Best Current Practice for OAuth 2.0 Security. We read it and summarized the best practices you should follow to keep your OAuth implementation safe.
Choosing between FGA and ABAC can be tricky, but it doesn’t have to be. In this article, we break down both models to help you decide which one works best for your needs.
Want to keep your JWTs safe from attackers? This guide covers the best practices for securely storing your tokens and ensuring your app's security.
Today, I want to share the emotional side of hitting PMF at WorkOS, plus some advice I’ve learned the hard way from growing the company to where it is today.
Learn how to enhance your API's security with granular permissions using OAuth scopes, allowing you to control access precisely and protect user data effectively. This guide covers the basics of OAuth scopes, implementing fine-grained permissions, and best practices for secure API management.
The “aud” claim tells the system which recipient the token is meant for.
Your auth system can issue a JWT with user details, enabling API routes to decode and use claims without extra queries.
Multiple customers, one software instance—sounds tricky, right? Find out how multi-tenancy ensures secure, separate access for everyone and why it matters.
OAuth 2.0 set the standard for delegated authorization, but OpenID Connect (OIDC) complements this protocol by adding user authentication.
API authentication ensures that only authorized requests access protected resources. It’s a mechanism for verifying credentials against predetermined rules to reject unauthorized traffic.
LLMs excel at automating code and content tasks, but their accuracy depends on the context you provide—especially as your codebase evolves. Learn key tools and techniques to keep your AI assistants up to date.
WorkOS builds developer tools for quickly adding enterprise features to applications.