A practical comparison of modern auth providers, trade-offs, and best practices for Flask apps.

A practical comparison of modern auth providers, trade-offs, and best practices for FastAPI apps.

A practical comparison of modern auth providers, trade-offs, and best practices for Django apps.

A practical comparison of modern auth providers, trade-offs, and best practices for Laravel apps.

How Claude and ChatGPT became platforms, why MCP Apps are the new mobile apps, and what to build first.

A practical comparison of modern auth providers, trade-offs, and best practices for Remix apps.

A practical comparison of modern auth providers, trade-offs, and best practices for Node.js architecture.

WorkOS AI-powered Installer, Node SDK v8, new Pipes providers, & more

A practical comparison of modern auth providers, trade-offs, and best practices for Rails apps.

How OpenAI, Slack, and GitHub are splitting architectures to keep sensitive content in-region while routing identity globally, and why most enterprises accept the trade-off.

The xmcp framework now ships with a first-party WorkOS plugin, making it easy to add OAuth 2.0 authentication to your MCP servers with just a few lines of code.

A conversation with Remy Guercio about Tailscale's AI gateway

What are MCP apps and why they’re going to change how you build apps on Claude and ChatGPT.

A practical comparison of modern auth providers, trade-offs, and best practices for React apps.

Build a JavaScript app that lets users connect Google Drive and list their files in your app, without doing any of the OAuth plumbing work, using WorkOS Pipes.

Build a JavaScript app that lets users connect Google Calendar and list their calendar events with a refreshed access token, using WorkOS Pipes.

A practical comparison of modern auth providers, trade-offs, and best practices for TanStack Start’s server-first architecture.

Build a Node app that lets users connect Linear and list their issues with a refreshed access token, without implementing OAuth.

A practical comparison of modern auth providers, trade-offs, and best practices for App Router–based Next.js applications.

Build a Node app that lets users connect GitHub and list their repos with a refreshed access token, without implementing OAuth.

Step-by-step tutorial that walks you through the necessary steps to add automated user provisioning to your Laravel app using SCIM, Okta, and WorkOS, with just a few lines of code.

Engineering leadership at WorkOS blends product ownership, technical stewardship, and people leadership. Engineering managers stay close to the code, the team, and customers.

A practical guide for adding enterprise SSO to an existing auth system without rebuilding everything

Building modern applications increasingly means connecting to multiple third-party services. We built Pipes to handle OAuth flows, token management, and provider setup for you.

A conversation with Andrew Qu, CTO of Vercel.

A conversation with Ajay Kulkarni from Tiger Data.

A conversation with Zack Kanter, CEO of Stedi, at AWS re:Invent 2025.

A conversation with Sam Lambert, CEO of PlanetScale.

A conversation with Eric Bernhardsson, CEO of Modal

A conversation with Laurens Van Houtven from Latacora

A conversation with Taylor Otwell, creator of Laravel, at AWS re:Invent 2025.

A conversation with Brian Scanlan from Intercom at AWS re:Invent 2025.

A conversation with Chris Evans, CTO at Incident.io.

A conversation with Forrest Brazeal from Freeman & Forrest

A conversation with Kyle Galbraith from Depot at re:Invent 2025.

A conversation with William Pienaar, co-founder and CTO of Cleric.

A conversation with Ronak Desai from Ciroos at AWS re:Invent 2025.

A conversation with Paul Klein from Browserbase.

A conversation with Philip Kiely from Baseten at AWS re:Invent 2025.

A conversation with the hosts of Acquired podcast.

We spent a week at re:Invent interviewing founders, CTOs, and builders across the developer tools ecosystem. Here's everything we learned.

A practical guide to creating, sending, and validating JSON Web Tokens in modern JavaScript.

How MCP is evolving from model-driven execution to collaborative workflows with sampling and elicitation.

What asymmetric client authentication is, why it’s safer than client secrets, and how it works in practice.

Why some user interactions cannot safely happen inside the MCP client, and how URL-mode elicitation helps.

The naive approach to RAG authorization creates a scaling nightmare. Here's the pattern that actually works.

A practical guide to onboarding organizations, admins, and users at scale.

Fireworks.ai is betting that inference is the real AI runtime. A look at its PyTorch roots, serving stack, and compound model strategy.

WorkOS Pipes, AuthKit for Platforms, Multiple Roles for SSO and SCIM, & more

The hidden stack that lives between a model that works and a product that scales.

The spec evolution that made zero-config MCP connections possible—and closed a category of security holes

How enterprise software teams can ship faster without breaking trust

Understand how OAuth clients authenticate and when you should use client secrets vs private key JWT.

Build a CIMD-based confidential MCP client in Python using Authorization Code + PKCE.

Anthropic, OpenAI, Block, and the Linux Foundation discuss governing MCP together as the new Agentic AI Foundation launches with 50 companies on day one.

Michael Grinich traces MCP's evolution from local file system interface to industry standard, announces the Agentic AI Foundation, and walks through the latest spec updates.

Paul Irish shows how Chrome DevTools' MCP integration lets AI agents parse 15M-line performance traces and debug browser sessions programmatically.

Den Delimarsky demonstrates MCP's new auth flow—Protected Resource Metadata replaces Dynamic Client Registration for zero-config authentication.

Reilly Wood on why structured queries beat freeform commands at scale

Craig Cannon demos the Turbo-Man Tracker at MCP Night, showing how Supabase's MCP server turns natural language into SQL queries in real-time.

Cloudflare's Code Mode generates code instead of calling MCP tools directly—cutting token usage by 32% for simple tasks and 81% for complex batch operations.

A practical guide to choosing the right role-based access control provider for modern multi-tenant SaaS apps.

MCP Night, The Holiday Special, marked a historic moment: Anthropic donated MCP to the Linux Foundation, launching the Agentic AI Foundation. Demos from Cloudflare, Supabase, Datadog, Microsoft, and Google.

How the Identity Assertion Authorization Grant (ID-JAG)—marketed by Okta as Cross-App Access (XAA)—lets enterprises manage MCP AI app connections through their IdP, with centralized visibility, policy control, and no consent fatigue.

The Linux Foundation unites MCP, goose, and AGENTS.md under open governance. WorkOS breaks down what the new Agentic AI Foundation (AAIF) means for developers.

A practical guide to OAuth’s original MCP onboarding method: how DCR works, where it breaks at scale, and why it still matters alongside CIMD.

Scalable, stateless client registration for AI agents: using a URL as your OAuth client ID to access MCP servers.

OAuth 2.0 and OIDC are no longer just for SSO or integrations; they’re the trust layer that makes AI agents safe, scoped, and governable.

Strengthened SSO Security with Sign-in Consent, CIMD Support for MCP Auth, AuthKit SDK for TanStack Start, & more

‍AWS’s new “open training” approach could fundamentally reshape who gets to build frontier-grade AI models—and what they can do with their proprietary data.

What MCP Tasks are, why they matter, and the full technical guide to implementing them.

Auth0 FGA requires schemas and DSLs. WorkOS FGA extends RBAC without the complexity tax—no new languages, incremental adoption, 10M free operations. Compare both.

A practical, end-to-end deep dive into data isolation, tenant-aware auth, scaling, and compliance for B2B SaaS.

Learn how Arcade’s MCP-native, credential-isolating tool-calling platform complements WorkOS’s full-stack enterprise auth to secure AI agents and B2B SaaS apps.

A technical guide to MCP client registration: Dynamic Client Registration (DCR) vs Client ID Metadata Documents (CIMD).

How modern apps get access to your data without your password.

Duality AI provides high-fidelity digital twin simulation for robotics and embodied AI, enabling teams to generate synthetic data, test autonomy, and validate real-world behavior safely in virtual environments.

WorkOS FGA introduces a new approach to SaaS authorization that extends familiar RBAC into a flexible, hierarchical model designed for real product evolution. Learn why traditional RBAC and schema-driven FGA systems break down as applications grow, how WorkOS’ resource-scoped model avoids rewrites and role explosion, and how it supports enterprise identity mapping, high-cardinality architectures, and emerging AI agent workflows.

Keep tenants isolated, roles sane, and your auth layer out of incident reviews.

The checklist that makes authorization boring, predictable, and surprisingly hard to break.

Year two starts with fewer hacks and more infrastructure.

Read how the agent connector boom turned into the internet’s newest security liability and how to fix it before the next CVE.

A practical guide to the best OAuth/OIDC platforms for securing autonomous AI agents.

Everything you need to know about choosing a SAML provider for enterprise SSO in modern B2B platforms.

Everything you need to know about OTPs, from HOTP and TOTP internals to real-world pros and cons, plus how WorkOS can help you implement them cleanly.

WorkOS is a proud partner in the Microsoft Entra Agent ID partner ecosystem.

Everything you need to know to implement and validate JWTs securely in Go: from signing to verifying with JWKS, with code examples and best practices throughout.

A developer-focused walkthrough of SAML SSO for developers who want to understand all the moving parts without needing a PhD in XML sorcery.

A practical guide to choosing the right machine authentication model for your SaaS product.

Understanding the intent behind 401 vs 403, 400 vs 422, and other misunderstood status codes.

Comparing Obsidian Security's SaaS monitoring to WorkOS's proven authentication infrastructure for securing AI agents in production.

The illusion of free: How open source SSO quietly makes your team the vendor, the patch manager, and the on-call ops team.

Comparing Credo AI's governance platform to WorkOS's proven authentication infrastructure for securing AI agents in production environments.

Comparing Zenity's AI agent observability platform to WorkOS's proven authentication and authorization infrastructure for enterprise AI security.

Comparing Bedrock Data's data governance platform to WorkOS's comprehensive authentication and authorization infrastructure for securing AI agents and autonomous systems.

Aim Security was acquired by Cato Networks in 2025. Compare their runtime threat detection approach with WorkOS's proven authentication and authorization for AI agents.

A comprehensive comparison of Noma Security and WorkOS for securing AI agents and autonomous systems in enterprise environments.

Comparing Relyance AI's privacy management platform to WorkOS's comprehensive authentication infrastructure for securing AI agents.

Comparing Skyflow's data privacy vault to WorkOS's comprehensive authentication and authorization infrastructure for securing AI agents.

Comparing Immuta's data governance platform to WorkOS's comprehensive authentication and authorization infrastructure for securing AI agents.