Blog

Product

Jun 27, 2025

Authenticate CLI tools seamlessly with OAuth Device Flow

Allow users to sign in via CLIs and on TVs and other non-traditional devices

Eric Roberts

Product

Jun 26, 2025

Introducing AuthKit Add-ons

Connect AuthKit to the tools you already use.

Enterprise Ready authentication for Supabase, powered by WorkOS

Now you can integrate WorkOS as a third-party auth provider in Supabase—unlocking Enterprise Ready authentication for your app in minutes.

Best practices for MCP secrets management

Every outbound call from your MCP server carries credentials—API keys, database passwords, OAuth tokens, you name it. If those secrets leak, the blast radius extends far beyond your LLM demo. Learn to secure your MCP secrets.

DBConnection pooling deep dive

A deep dive on how pooled connections work in the Elixir DBConnection library.

In-Memory Distributed State with Delta CRDTs

How to utilize delta conflict-free replicated data types for managing distributed cache or configuration state on an Elixir cluster.

Why your app needs refresh tokens—and how they work

Session management is hard. Refresh tokens make it easier—and safer. This guide breaks down how they work, why you need them, and how to avoid common mistakes (with code included).

IBM’s Agent Communication Protocol (ACP): A technical overview for software engineers

IBM Research’s Agent Communication Protocol (ACP) provides autonomous agents with a common “wire format” for talking to each other. But how does it differ from MCP and A2A?

SAML's signature problem: It’s not you, it’s XML

A deep dive into the messy world of SAML signature verification bugs — complete with real examples, cautionary tales, and practical tips to keep your app out of trouble.

Agent to agent, not tool to tool: an engineer’s guide to Google’s A2A protocol

Think of MCP as “plug this model into my data” and A2A as “now let several specialised models talk to each other.”

From 1.0.0 to 2025.4: Making sense of software versioning

Confused by versioning? This guide breaks down the top strategies to help you pick the right one, keeping your project organized and your users in the loop.

MCP, ACP, A2A, Oh my!

Let’s explore the MCP, ACP and A2A protocols, understand what they do, and highlight how they differ and complement one another.

WorkOS + Cloudflare MCP: Plug and Play Auth for Agentic AI Builders

Until now, plugging your existing user authentication system into MCP servers was tricky. That’s where WorkOS and Cloudflare step in.

ArkType: A high-performance runtime type validation for TypeScript

ArkType is a TypeScript-first runtime validation library built to erase the boundary between static type safety and runtime enforcement.

How to handle JWT in Python

Everything you need to know to implement and validate JWTs securely in Python — from signing to verifying with JWKS, with code examples and best practices throughout.

Prisma ORM for TypeScript - A technical primer

Prisma is one of the most popular Object-Relational Mappers (ORMs) in the TypeScript/JavaScript ecosystem due to its robust type-safety guarantees and seamless integration with frameworks like Next.js.

Security risks of iframes: Protecting your app from potential attacks

Iframes might seem convenient, but they come with serious security risks like XSS, session hijacking, and phishing. This article breaks down why iframes can put your site at risk and how to protect it.

Smithery AI: A central hub for MCP servers

Smithery AI is a registry and management platform for Model Context Protocol (MCP) servers.

Zack Proser

Apr 8, 2025

We’re hiring

Our global team is growing and we’re hiring all types of roles.

View open roles

About us

WorkOS builds developer tools for quickly adding enterprise features to applications.

Learn more