AuthKit
Customizable sign-in UI that abstracts away all of the complexity associated with building secure authentication flows.
Implementing authentication flows that handle every possible error state and edge case across multiple identity providers can be a daunting task. AuthKit makes this easy by providing a hosted, pre-built, customizable authentication UI with automatic handling of:
- Sign up, sign in, password reset, and email verification flows.
- Automatic bot detection and blocking, to protect against brute force attacks.
AuthKit is conceptually similar to a Social Login (OAuth) experience, but with the added benefit of being able to authenticate users with any identity provider.
AuthKit sits outside of your application code. When a user initiates a sign-in request, your application redirects them to the AuthKit URL. The user then completes the authentication process with WorkOS before being returned to the application.
Your application will exchange the resulting authorization code to retrieve an authenticated User object and handle the session.
The AuthKit flow abstracts away many of the UX and WorkOS API calling concerns automatically, for more guidance on integrating with AuthKit, see the Quick Start guide.
AuthKit also provides a signup flow for creating users. Available options are determined by the configured authentication methods. If a user’s email address is associated with an SSO connection, they will automatically be redirected to sign up via their IdP.
AuthKit supports all of the authentication methods available in WorkOS User Management and will automatically adjust the available options depending on the configured methods in the Authentication section of the WorkOS Dashboard.
Email + Password authentication is enabled by default, though set up may be required to enable additional methods. See the relevant feature section for more information:
AuthKit offers support for custom OAuth static scopes for both Google and Microsoft integrations. This allows you to request specific permissions when accessing user profile data from these providers. For instance, requesting access to read Google Calendar events or retrieve emails from a Microsoft account.
This feature is currently available in a restricted preview. Contact us for additional details.
Integration into your app is quick and easy, though the route you choose varies depending on your specific requirements:
In just a few lines of code, you can add AuthKit to your app and start authenticating users. See the quick start guide for more information.
While the hosted solution is the fastest way to get started, if you’d prefer to build and manage your own authentication UI, you can do so via the User Management API.
Examples of building custom UI are available on GitHub.