Blog

How to give AI agents their own identity, scope what they can do, and defend your systems when they act autonomously.

How an AI operational finance startup went from founding to Vercel AI Accelerator winner without slowing down for enterprise auth.

Everything you need to know to implement and validate JWTs securely in PHP: from signing to verifying with JWKS, with code examples and best practices for both vanilla PHP and Laravel.

Seven errors that break Entra ID SAML SSO, and how to resolve them.

WorkOS designers use AI to prototype in production, explore wider solution spaces, and design for agents. Here's how our craft is changing.

A practical, security-first comparison of the two browser-delegated OAuth flows that CLIs use, with recommendations for laptops, headless servers, containers, and CI runners.

Implement OAuth 2.0 Device Code and PKCE flows in TypeScript, route users through Okta SSO, and pick the right pattern for headless and local environments, with WorkOS AuthKit.

How WorkOS uses AI-powered code generation to build and maintain SDKs across multiple languages from a single OpenAPI spec.

What to validate, what to avoid, and how to keep your tokens out of trouble.

In a chatbot, prompt injection produces a wrong answer. In an agentic system, it produces a wrong action.

The 2026 guide to SSO, SCIM, MCP, audit logs, RBAC, and the rest of the B2B SaaS enterprise readiness checklist.

A practical comparison of the leading MCP authentication providers across OAuth 2.1 support, enterprise identity, and integration paths.

A detailed glimpse at Project Horizon: an internal code factory at WorkOS.

Authentication in React Router v7 happens in loaders, not useEffect. A complete guide to server-side sessions, protected routes, and enterprise SSO.

A hands-on guide to implementing an MCP server in Python: tools, resources, prompts, transports, and authentication, with a full worked example.