WorkOS Blog
https://workos.com
Developer APIs/SDKs for Enterprise Ready features like Single Sign-On, Directory Sync, Audit Logging, and more. Get started for free.
フィード

Designing the AI-Proof Interview
WorkOS Blog
We’ve reimagined our technical interview to focus on what really matters: problem-solving.
18時間後

Introduction to MCP authentication
WorkOS Blog
Learn how the Model Context Protocol (MCP) handles authentication and authorization using OAuth 2.1 and API keys. This guide covers common patterns, security considerations, current limitations, and how to build a standards-compliant MCP server.
2日前

How to secure your AI app from fraud
WorkOS Blog
A guide for SaaS teams facing synthetic identity, deepfake, and account abuse risks. Learn how AI-driven fraud is reshaping digital security, and how WorkOS Radar enables real-time detection and prevention before damage is done.
3日前

Understanding MCP features: Tools, Resources, Prompts, Sampling, Roots, and Elicitation
WorkOS Blog
Learn how to leverage Model Context Protocol’s six core features to build secure and scalable AI applications.
4日前

MFA vs SSO: Why enterprises need both for stronger security
WorkOS Blog
Learn the difference between MFA and SSO, why they’re not interchangeable, and how using both creates seamless and secure enterprise access management.
5日前

OIDC vs SAML: How a two-decade-old protocol still dominates identity federation
WorkOS Blog
Discover why the decades-old SAML protocol remains indispensable for enterprise SSO and federation, how it compares to modern OpenID Connect, and what the future of identity federation holds.
6日前

How well are reasoning LLMs performing? A look at o1, Claude 3.7, and DeepSeek R1
WorkOS Blog
ChatGPT’s release in late 2022 marked the beginning of the large language model era. But 2024 brought a quieter, more technical shift: the rise of reasoning LLMs. Two years later—how is it actually going?
6日前

How to sync users from Google Workspace to a Ruby on Rails app using WorkOS
WorkOS Blog
Step-by-step tutorial that walks you through the necessary steps to add automated user provisioning to your app using SCIM, Google Workspace, Ruby, and WorkOS, with just a few lines of code.
9日前

Scaling B2B SaaS with SCIM: Automating user provisioning for enterprise growth
WorkOS Blog
Discover how SCIM (System for Cross-domain Identity Management) transforms B2B SaaS scalability by automating user provisioning, enhancing security, and enabling enterprise growth with WorkOS.
10日前

July Updates
WorkOS Blog
New this month: Convex Integration, Country Blocks, SMS Challenges, Custom Fonts, & More
10日前

First-Class WorkOS Auth Support Comes to Convex
WorkOS Blog
WorkOS and Convex join forces to bring seamless Enterprise Ready authentication to the modern TypeScript backend.
10日前

Anthropic’s Computer Use versus OpenAI’s Computer Using Agent (CUA)
WorkOS Blog
Anthropic’s Computer Use gives Claude direct control over your desktop, letting it interact with native apps and the web like a human. OpenAI’s Computer Using Agent runs GPT-4o in a secure virtual browser, where it follows high-level instructions to navigate web UIs and complete tasks.
11日前

How to add auth to your Go CLI using WorkOS
WorkOS Blog
Authenticate users in your Go command-line tool with a secure OAuth 2.0 Device Code flow using WorkOS. This tutorial shows how to implement login via the terminal, step by step.
11日前

What are SAML assertions?
WorkOS Blog
A complete technical guide to understanding SAML assertions, covering their structure, responses, lifecycle, common errors, debugging best practices, and step-by-step implementation of SAML SSO using WorkOS.
11日前

Vibecoding a complex combobox component
WorkOS Blog
Can an LLM build a non-trivial UI component? I tested Claude, Gemini, and o3 on a tree-based combobox and shared what worked, what didn’t, and where they fell short.
12日前

Generative AI and enterprise identity fraud: How to defend against AI-powered impersonation attacks
WorkOS Blog
AI-powered deepfakes and impersonation attacks are skyrocketing. Learn real-world examples, defensive strategies, and how WorkOS helps secure enterprise authentication and identity systems.
12日前

MFA vs. Passwordless authentication
WorkOS Blog
Explore the key differences between MFA (Multi-Factor Authentication) and Passwordless Authentication. Learn which approach is more secure, user-friendly, and scalable for your organization in 2025.
13日前

How to add auth to your Python CLI using WorkOS
WorkOS Blog
Authenticate users in your Python command-line tool with a secure OAuth 2.0 Device Code flow using WorkOS. This tutorial shows how to implement login via the terminal, step by step.
16日前

The complete guide to user management for B2B SaaS
WorkOS Blog
A technical deep-dive to building enterprise ready user management in B2B SaaS, covering SSO, SCIM, RBAC, MFA, audit logs, and what to build vs. buy.
16日前

How to Make Your Lovable App Enterprise Ready
WorkOS Blog
Transform your AI-generated prototype into a secure, scalable solution that enterprise customers will actually buy. Learn the essential steps to bridge the gap between Lovable's rapid development and true enterprise readiness.
17日前

How backup MFA codes work: Your safety net for Two-Factor Authentication
WorkOS Blog
Lost your phone or can’t access your authenticator app? Learn how backup MFA codes work, why they matter, and how to use them to stay secure and in control.
17日前

UX best practices for MFA
WorkOS Blog
A practical guide to designing user-friendly multi-factor authentication (MFA) flows that improve security without sacrificing user experience, covering both enrollment and sign-in best practices.
18日前

Enterprise AI Agent Playbook: What Anthropic and OpenAI Reveal About Building Production-Ready Systems
WorkOS Blog
While most companies struggle with AI proof-of-concepts, industry leaders have quietly published the playbooks behind these enterprise successes. Here's what separates Enterprise Ready AI agents from expensive experiements.
18日前

Enterprise ready MCP servers: How to secure, scale, and deploy for real-world AI
WorkOS Blog
How to turn your Model Context Protocol (MCP) server from a developer demo into a secure, scalable, enterprise ready platform, with best practices for auth, identity, governance, and beyond.
19日前

Why Most Enterprise AI Projects Fail — and the Patterns That Actually Work
WorkOS Blog
42% of companies abandoned most AI initiatives in 2025 — up from just 17% in 2024. After analyzing dozens of enterprise deployments, we found 4 patterns that separate winners from the graveyard of abandoned prototypes.
19日前

SAML explained simply: What is it and how it works
WorkOS Blog
Learn what SAML is, how it enables secure Single Sign-On (SSO), how it differs from OAuth, and how to set it up, all explained in plain English.
20日前

XMCP + AuthKit: The Fastest Way to Secure MCP Tools and Servers
WorkOS Blog
Learn how to add enterprise-grade OAuth2 authentication to XMCP servers with AuthKit in just a few lines of configuration. Perfect for securing AI tools, multi-tenant platforms, and internal applications.
20日前

Identity & SSO compliance: Why it matters and how to get it right
WorkOS Blog
Learn how SSO and automated user provisioning help B2B SaaS companies meet compliance standards like SOC 2, ISO 27001, HIPAA, and GDPR, and how WorkOS can get you enterprise-ready fast.
24日前

OAuth 2.0 Authorization Code Grant: What it is & how it works
WorkOS Blog
A comprehensive guide to the OAuth 2.0 Authorization Code Grant, including how the flow works, how to implement it with PKCE, and what’s new in OAuth 2.1.
25日前

How to add MFA to your homegrown auth using WorkOS
WorkOS Blog
Learn how to add Multi-Factor Authentication (MFA) to your homegrown authentication system using WorkOS, with detailed code examples for TOTP and SMS-based flows.
25日前

What are MITM attacks & how to prevent them
WorkOS Blog
A technical dive into man-in-the-middle (MITM) attacks—how they work, real-world tactics used by attackers, and best-practice defenses to protect software systems, APIs, and network traffic.
1ヶ月前

What is an AI agent?
WorkOS Blog
A beginner-friendly introduction to AI agents, exploring what they are, how they work, the different types, and why they matter in today’s AI-driven world.
1ヶ月前

Understanding Roots in Model Context Protocol (MCP)
WorkOS Blog
Learn how MCP Roots define resource boundaries in distributed systems, enabling clients to scope server behavior with clear, URI-based context declarations.
1ヶ月前

How to add auth to your Node.js CLI using WorkOS
WorkOS Blog
Authenticate users in your Node.js command-line tool with a secure OAuth 2.0 Device Code flow using WorkOS. This tutorial shows how to implement login via the terminal, step by step.
1ヶ月前

Agentic AI Examples
WorkOS Blog
These agentic AI examples in Python show the difference between systems that can reason and make decisions autonomously, and traditional more deterministic programming paradigms.
1ヶ月前

From blocking bots to optimizing for LLMs: How the web flipped its script
WorkOS Blog
Not long ago, we worked hard to keep bots off our websites. Today, we’re optimizing for them, especially LLMs like GPT and Claude. Here's how companies are opening up their content, while still fighting abuse where it counts.
1ヶ月前

Why SMS is not a secure Multi-Factor Authentication (MFA) method
WorkOS Blog
SMS-based multi-factor authentication (MFA) is still common, but it's fundamentally insecure. This article explains why developers should avoid SMS MFA and adopt stronger, phishing-resistant alternatives like TOTP and WebAuthn.
1ヶ月前

The Vercel MCP + WorkOS AuthKit template: deploy secure MCP servers globally in 5 minutes
WorkOS Blog
We built an MCP server template with Vercel's MCP adapter and secured by WorkOS AuthKit that you can use to rapidly deploy secured MCP servers globally.
1ヶ月前

How Single Sign-On (SSO) works – and how to add it to your app
WorkOS Blog
Learn how Single Sign-On (SSO) works, the differences between SAML and OIDC, and how to add enterprise-grade authentication to your app in minutes with WorkOS.
1ヶ月前

How B2B auth is different than Consumer auth
WorkOS Blog
A technical deep dive into the key differences between B2B and consumer authentication, with real-world examples and a breakdown of how WorkOS simplifies enterprise-ready auth.
1ヶ月前

How to build agent-friendly products
WorkOS Blog
Learn how to design APIs, documentation, authentication, and UIs that LLM-powered AI agents can reliably use. This guide covers agent-friendly patterns for error handling, rate limiting, pricing, and product integration.
1ヶ月前

What is the difference between causal, predictive, generative, and agentic AI?
WorkOS Blog
A visual overview of how Causal, Predictive, Generative, and Agentic AI relate — and why understanding their interplay matters for building smarter systems.
1ヶ月前

How to make your site LLM-friendly without inviting abuse
WorkOS Blog
Make your website legible and preferred by LLMs like ChatGPT and Claude. A practical guide to modern SEO for AI crawlers, structured data, and bot-friendly surfaces, without compromising security.
1ヶ月前

June Updates
WorkOS Blog
New this month: Custom CSS for AuthKit, WorkOS Feature Flags, CLI Auth, & more
1ヶ月前

How to build AI agents
WorkOS Blog
Learn how to design, build, and test AI agents powered by LLMs. This guide covers model selection, tool usage, prompt design, agent orchestration, authentication, and safety best practices.
1ヶ月前

Authenticate CLI tools seamlessly with OAuth Device Flow
WorkOS Blog
Allow users to sign in via CLIs and on TVs and other non-traditional devices
1ヶ月前

Enterprise Ready authentication for Supabase, powered by WorkOS
WorkOS Blog
Now you can integrate WorkOS as a third-party auth provider in Supabase—unlocking Enterprise Ready authentication for your app in minutes.
2ヶ月前

Introducing Feature Flags: Enterprise Ready feature management for B2B apps
WorkOS Blog
Designed for B2B applications, Feature Flags let you easily create organization-specific rules and roll out new features faster and more safely. Best of all, they’re integrated with AuthKit and can be enabled with just a few clicks.
2ヶ月前

Introducing custom CSS for AuthKit: Unlock full styling flexibility
WorkOS Blog
Now you can tailor your AuthKit login experience with precision using custom CSS—style individual elements, test hover states, and preserve your changes as you go. All without sacrificing core functionality.
2ヶ月前

Introducing MCP elicitation: Request user input at runtime
WorkOS Blog
A new runtime feature in the MCP ecosystem lets servers ask the user for exactly the context they need—when they need it.
2ヶ月前

Scaling up: How to launch your product with an Enterprise Plan
WorkOS Blog
Think you're ready for enterprise? This guide breaks down the capabilities you need to launch a true Enterprise Plan—and how WorkOS can help you get there.
2ヶ月前

Common pitfalls of MFA and how to avoid them
WorkOS Blog
MFA is everywhere — and attackers are still getting in. Here’s why your setup might be weaker than you think.
2ヶ月前

MCP Authorization in 5 easy OAuth specs
WorkOS Blog
Behind every secure MCP integration is a stack of OAuth standards working in harmony. Learn how they combine to deliver seamless authorization for LLMs.
2ヶ月前

Query caching using Nest.js and Typeorm
WorkOS Blog
We added a request-scoped query-cache layer to our API backend (NestJS + TypeORM + CLS) that cut duplicate database reads by ~30%, with zero code changes to individual queries, no stale-data risk, and no cross-request leakage.
2ヶ月前

Identity for AI: Who Are Your Agents and What Can They Do?
WorkOS Blog
Why traditional authentication fails for AI agents and the new identity patterns—from persona shadowing to capability tokens—that will secure our agent-driven future.
2ヶ月前

What does Enterprise Ready mean for AI?
WorkOS Blog
A practical guide for AI startups on what it really means to be Enterprise Ready—beyond model performance. Learn what enterprises expect and how to meet those demands without rebuilding your stack.
2ヶ月前

Introducing the WorkOS MCP Documentation Server
WorkOS Blog
Get the latest WorkOS context, docs, examples and changelogs where you're already working with the WorkOS MCP docs server.
2ヶ月前

SCIM: The hidden growth engine behind tools like Slack and Figma
WorkOS Blog
Learn how identity integration drives adoption, reduces churn, and helps top SaaS companies become indispensable from day one.
2ヶ月前

AI isn't magic. Context chaining is.
WorkOS Blog
Professional knowledge workers use AI tools more efficiently, because they understand how to manage context. Learn the best tactics to uplevel your entire organization.
2ヶ月前

Why AI still needs you: Exploring Human-in-the-Loop systems
WorkOS Blog
AI can do a lot on its own, but it still needs your help. Learn why keeping humans in the loop makes AI smarter, safer, and more useful.
2ヶ月前

How AI agents connect to systems: A technical guide
WorkOS Blog
From REST APIs to message queues and the Model Context Protocol—discover the building blocks that power system-aware AI.
2ヶ月前

How to implement an organization switcher with WorkOS and React
WorkOS Blog
Step-by-step tutorial on how to add an organization switcher to your app using React and WorkOS.
2ヶ月前

Understanding bearer tokens: What are they and how to use them securely
WorkOS Blog
The humble bearer token, explained—plus tips to use it safely and avoid common mistakes.
2ヶ月前

May updates
WorkOS Blog
New this month: MCP Authorization, update user emails, SAML custom attributes, & more
2ヶ月前

Securing AI agents: A guide to authentication, authorization, and defense
WorkOS Blog
From helpful assistants to unpredictable actors, AI agents introduce powerful capabilities—and serious security risks. This guide breaks down how to authenticate them, control what they can access, and defend your systems when things go wrong.
2ヶ月前

How MCP servers work: Components, logic, and architecture
WorkOS Blog
A behind-the-scenes look at the core components of an MCP server — from request handling and session orchestration to caching and context stores.
2ヶ月前

OpenAI's Codex wants to become your AI coworker
WorkOS Blog
Give Codex a bug report and it will spend the next 30 minutes debugging, writing tests, and submitting a pull request—while you grab coffee. What does it mean for developers?
2ヶ月前

What is free trial abuse -- and how can you stop it?
WorkOS Blog
What would you do if every new “user” signing up for your app cost you money?
2ヶ月前

Device Authorization Grant: Solving OAuth for screens without keyboards
WorkOS Blog
A practical guide for developers implementing secure, user-friendly login flows on smart TVs, IoT devices, and CLIs.
2ヶ月前

Flipping the flow: How MCP sampling lets servers ask the AI for help
WorkOS Blog
Explore how MCP transforms server logic with AI-powered completions, human approvals, and transparent workflows.
3ヶ月前

Email deliverability troubleshooting guide
WorkOS Blog
A step-by-step guide to diagnose, fix, and prevent email delivery issues.
3ヶ月前

Why building your own BYOK is a trap
WorkOS Blog
Enterprise customers want to bring their own keys. You don’t want to build the infrastructure to support it. WorkOS Vault bridges the gap with the fastest way to ship BYOK.
3ヶ月前

MCP Night 2025: When the AI infra community overflowed the Exploratorium in San Francisco
WorkOS Blog
On May 14, 2025, we threw the first-ever MCP Night, at the Exploratorium in San Francisco, dedicated to one of the most exciting developments in applied AI: the Model Context Protocol (MCP).
3ヶ月前

Why implementing SAML from scratch is a terrible idea
WorkOS Blog
SAML might look simple, but under the hood, it’s a legacy minefield of XML signatures, IdP quirks, and security pitfalls. Here’s why building it yourself is a guaranteed regret.
3ヶ月前

Your codebase is now addressable: Codex, Jules, and the Rise of agentic parallel coding
WorkOS Blog
Platforms like OpenAI Codex and Google Jules are taking a swing at distributed cognition for software teams. What does this mean?
3ヶ月前

Agno: The agent framework for Python teams
WorkOS Blog
Agno is an open-source framework that helps you build clean, composable and Pythonic agentic applications with tools, memory and reasoning capabilities.
3ヶ月前

Security threats in SPAs and how to defend against them
WorkOS Blog
A developer’s guide to identifying and fixing the most common security flaws in Single-page applications.
3ヶ月前

How to sync users from Entra ID to your app using Node and WorkOS
WorkOS Blog
Step-by-step tutorial that walks you through the necessary steps to add automated user provisioning to your app using SCIM, Entra ID, Node, and WorkOS, with just a few lines of code.
3ヶ月前

OAuth 2.1: What’s new, what’s gone, and how to migrate securely
WorkOS Blog
Learn what’s changed in OAuth 2.1, including the removal of implicit flow, mandatory PKCE, and modern refresh token strategies. This guide walks you through the security upgrades and offers a clear migration checklist to help you stay compliant and secure.
3ヶ月前

Secure by design: How engineers should build and consume APIs
WorkOS Blog
A practical guide to avoiding common pitfalls and implementing security best practices across both internal and third-party API integrations.
3ヶ月前

What is NIST and why should developers care?
WorkOS Blog
What if the most practical security guidance didn’t come from a startup, but from a government agency? Read how NIST’s peer-reviewed frameworks are powering real-world security.
3ヶ月前

Introducing RFC 9728: Say hello to standardized OAuth 2.0 resource metadata
WorkOS Blog
OAuth 2.0 just got a major upgrade in how resources describe themselves — find out what RFC 9728 introduces and why it matters.
3ヶ月前

Diagnosing SAML assertion failures: A step-by-step debugging guide
WorkOS Blog
From expired assertions to signature fails — a survival guide for anyone who's ever screamed at a SAML error message.
3ヶ月前

On-premises and hybrid authentication: Challenges and best practices
WorkOS Blog
How to avoid common pitfalls and build resilient auth systems in on-prem and hybrid setups.
3ヶ月前

The hidden pitfalls of SAML metadata: How to avoid downtime
WorkOS Blog
Misconfigured SAML metadata is one of the most overlooked causes of SSO failures. Learn how to spot hidden risks—and fix them before they break your login flow.
3ヶ月前

April Updates
WorkOS Blog
New this month: SSO Role Mapping, Schema-Based Policies, On-Prem Guides, and more
3ヶ月前

Mastra.ai Quickstart - How to build a TypeScript agent in 5 minutes or less
WorkOS Blog
Mastra is a TypeScript framework for agentic apps. In this post, we'll use it to build an agentic app that can fetch data from GitHub in less than 5 minutes.
3ヶ月前

oRPC: OpenAPI Remote Procedure Call for Type-Safe APIs
WorkOS Blog
oRPC (OpenAPI Remote Procedure Call) combines the familiarity of RPC with the industry-standard OpenAPI spec so that every request/response is fully typed from client to server. 
3ヶ月前

DBConnection pooling deep dive
WorkOS Blog
A deep dive on how pooled connections work in the Elixir DBConnection library.
3ヶ月前

In-Memory Distributed State with Delta CRDTs
WorkOS Blog
How to utilize delta conflict-free replicated data types for managing distributed cache or configuration state on an Elixir cluster.
3ヶ月前

Why your app needs refresh tokens—and how they work
WorkOS Blog
Session management is hard. Refresh tokens make it easier—and safer. This guide breaks down how they work, why you need them, and how to avoid common mistakes (with code included).
4ヶ月前

IBM’s Agent Communication Protocol (ACP): A technical overview for software engineers
WorkOS Blog
IBM Research’s Agent Communication Protocol (ACP) provides autonomous agents with a common “wire format” for talking to each other. But how does it differ from MCP and A2A?
4ヶ月前

SAML's signature problem: It’s not you, it’s XML
WorkOS Blog
A deep dive into the messy world of SAML signature verification bugs — complete with real examples, cautionary tales, and practical tips to keep your app out of trouble.
4ヶ月前

Agent to agent, not tool to tool: an engineer’s guide to Google’s A2A protocol
WorkOS Blog
Think of MCP as “plug this model into my data” and A2A as “now let several specialised models talk to each other.”
4ヶ月前

From 1.0.0 to 2025.4: Making sense of software versioning
WorkOS Blog
Confused by versioning? This guide breaks down the top strategies to help you pick the right one, keeping your project organized and your users in the loop.
4ヶ月前

WorkOS + Cloudflare MCP: Plug and Play Auth for Agentic AI Builders
WorkOS Blog
Until now, plugging your existing user authentication system into MCP servers was tricky. That’s where WorkOS and Cloudflare step in.
4ヶ月前

ArkType: A high-performance runtime type validation for TypeScript
WorkOS Blog
ArkType is a TypeScript-first runtime validation library built to erase the boundary between static type safety and runtime enforcement.
4ヶ月前

How to handle JWT in Python
WorkOS Blog
Everything you need to know to implement and validate JWTs securely in Python — from signing to verifying with JWKS, with code examples and best practices throughout.
4ヶ月前

Prisma ORM for TypeScript - A technical primer
WorkOS Blog
Prisma is one of the most popular Object-Relational Mappers (ORMs) in the TypeScript/JavaScript ecosystem due to its robust type-safety guarantees and seamless integration with frameworks like Next.js.
4ヶ月前