Blog

Product

Jun 27, 2025

Authenticate CLI tools seamlessly with OAuth Device Flow

Allow users to sign in via CLIs and on TVs and other non-traditional devices

Eric Roberts

Product

Jun 30, 2025

June Updates

New this month: Custom CSS for AuthKit, WorkOS Feature Flags, CLI Auth, & more

Introducing AuthKit Add-ons

Connect AuthKit to the tools you already use.

The hidden pitfalls of SAML metadata: How to avoid downtime

Misconfigured SAML metadata is one of the most overlooked causes of SSO failures. Learn how to spot hidden risks—and fix them before they break your login flow.

April Updates

New this month: SSO Role Mapping, Schema-Based Policies, On-Prem Guides, and more

Mastra.ai Quickstart - How to build a TypeScript agent in 5 minutes or less

Mastra is a TypeScript framework for agentic apps. In this post, we'll use it to build an agentic app that can fetch data from GitHub in less than 5 minutes.

oRPC: OpenAPI Remote Procedure Call for Type-Safe APIs

oRPC (OpenAPI Remote Procedure Call) combines the familiarity of RPC with the industry-standard OpenAPI spec so that every request/response is fully typed from client to server.

DBConnection pooling deep dive

A deep dive on how pooled connections work in the Elixir DBConnection library.

In-Memory Distributed State with Delta CRDTs

How to utilize delta conflict-free replicated data types for managing distributed cache or configuration state on an Elixir cluster.

Why your app needs refresh tokens—and how they work

Session management is hard. Refresh tokens make it easier—and safer. This guide breaks down how they work, why you need them, and how to avoid common mistakes (with code included).

IBM’s Agent Communication Protocol (ACP): A technical overview for software engineers

IBM Research’s Agent Communication Protocol (ACP) provides autonomous agents with a common “wire format” for talking to each other. But how does it differ from MCP and A2A?

SAML's signature problem: It’s not you, it’s XML

A deep dive into the messy world of SAML signature verification bugs — complete with real examples, cautionary tales, and practical tips to keep your app out of trouble.

Agent to agent, not tool to tool: an engineer’s guide to Google’s A2A protocol

Think of MCP as “plug this model into my data” and A2A as “now let several specialised models talk to each other.”

From 1.0.0 to 2025.4: Making sense of software versioning

Confused by versioning? This guide breaks down the top strategies to help you pick the right one, keeping your project organized and your users in the loop.

WorkOS + Cloudflare MCP: Plug and Play Auth for Agentic AI Builders

Until now, plugging your existing user authentication system into MCP servers was tricky. That’s where WorkOS and Cloudflare step in.

ArkType: A high-performance runtime type validation for TypeScript

ArkType is a TypeScript-first runtime validation library built to erase the boundary between static type safety and runtime enforcement.

How to handle JWT in Python

Everything you need to know to implement and validate JWTs securely in Python — from signing to verifying with JWKS, with code examples and best practices throughout.

Prisma ORM for TypeScript - A technical primer

Prisma is one of the most popular Object-Relational Mappers (ORMs) in the TypeScript/JavaScript ecosystem due to its robust type-safety guarantees and seamless integration with frameworks like Next.js.

Zack Proser

Apr 10, 2025

We’re hiring

Our global team is growing and we’re hiring all types of roles.

View open roles

About us

WorkOS builds developer tools for quickly adding enterprise features to applications.

Learn more