Blog

Product

Jun 27, 2025

Authenticate CLI tools seamlessly with OAuth Device Flow

Allow users to sign in via CLIs and on TVs and other non-traditional devices

Eric Roberts

Product

Jun 26, 2025

Introducing AuthKit Add-ons

Connect AuthKit to the tools you already use.

Enterprise Ready authentication for Supabase, powered by WorkOS

Now you can integrate WorkOS as a third-party auth provider in Supabase—unlocking Enterprise Ready authentication for your app in minutes.

Composio.dev overview

Composio.dev is a developer-focused integration platform that simplifies how AI agents and large language models (LLMs) connect with external applications and services.

What are Cursor Rules?

Cursor Rules are instructions or system prompts passed to the large language models (LLMs) that Cursor uses. Learn how to leverage them effectively.

Spot the bots: How to track malicious activity with JavaScript tagging

Tired of bots wreaking havoc on your website? Learn how JavaScript tagging can help you track suspicious behavior and stop malicious activity in its tracks.

When database security is not enough: How the cloud makes application-level encryption a must

Learn why traditional database encryption just doesn’t cut it anymore and why application-level encryption is the real hero for data security.

What is Claude Code? An agentic developer tool

Anthropic’s release of Claude Code, built on the 3.7 Sonnet model, marks a significant step in AI-assisted development.

Identity tokens vs Access tokens: understanding the key differences

Modern authentication flows use tokens to convey information about a user and whether that user is allowed to interact with specific resources.

What is the Model Context Protocol (MCP)?

Anthropic developed the Model Context Protocol (MCP), an open standard that connects AI assistants to systems where data actually lives—content repositories, business tools, development environments, and more.

February Updates

FGA Playground, Notifications, and AuthKit with Laravel Cloud

OAuth best practices: We read RFC 9700 so you don’t have to

In January 2025, the IETF published RFC 9700: Best Current Practice for OAuth 2.0 Security. We read it and summarized the best practices you should follow to keep your OAuth implementation safe.

FGA vs ABAC: Understanding the differences

Choosing between FGA and ABAC can be tricky, but it doesn’t have to be. In this article, we break down both models to help you decide which one works best for your needs.

JWT storage 101: How to keep your tokens secure

Want to keep your JWTs safe from attackers? This guide covers the best practices for securely storing your tokens and ensuring your app's security.

How it felt to reach Product-market fit (PMF) at WorkOS—and what no one tells you

Today, I want to share the emotional side of hitting PMF at WorkOS, plus some advice I’ve learned the hard way from growing the company to where it is today.

How to add granular permissions to your API using OAuth scopes

Learn how to enhance your API's security with granular permissions using OAuth scopes, allowing you to control access precisely and protect user data effectively. This guide covers the basics of OAuth scopes, implementing fine-grained permissions, and best practices for secure API management.