Block's Richard Moot demonstrates how they reduced their entire Square API platform—over 30 APIs with 200+ endpoints—down to just three MCP tools using an elegant layered approach.

Step-by-step guide to building a secure "sign out of all devices" feature using the WorkOS Sessions API in Node.js.

Eric Zakariasson from Cursor shares compelling data about how developers are actually using MCP in production, revealing adoption patterns and the most popular MCP servers in their ecosystem.

Valentina Bearzotti from Basement Studio demonstrated XMCP, a framework that might be the fastest way to create and deploy MCP servers, featuring file-system-based routing and one-command deployment.

At MCP Night 2.0, the team from Mux delivered one of the most compelling demonstrations of how MCP can transform video infrastructure for AI applications.

Liad Yosef and Ido Solomon from Monday.com demonstrate MCP-UI at MCP Night 2.0, showcasing how their framework brings rich, interactive user interfaces directly into AI agent conversations.

Learn what’s new in OAuth 2.1, why it’s replacing OAuth 2.0, and how to upgrade your app securely with modern best practices.

A practical guide to securing Model Context Protocol (MCP) deployments. Learn the key risks of MCP and the best practices for both servers and clients to build safer, more reliable AI integrations.

Learn how WorkOS acts as an OAuth bridge that removes authentication complexity so you can focus on building your MCP server's core functionality.

Bad sign-ups cost you money, skew your metrics, waste engineering time, and create compliance risks. Here’s how to block them before they hurt your SaaS.

Learn Apple’s 2025 App Store authentication requirements and see how to implement Sign in with Apple and other social logins using WorkOS AuthKit with OAuth 2.0 PKCE in your iOS app.

MCP vs A2A explained. Learn how these AI agent protocols differ, where each falls short, and why most real systems need both working together.

A 2025 guide to the top SSO solutions for SaaS apps, including features, pros, cons, and pricing, so you can choose the right provider to secure enterprise customers fast.

Learn how to set up Okta SAML Single Sign-On (SSO) and SCIM user provisioning with WorkOS in just one day using Node.js, enabling secure authentication and automated user management for your enterprise customers.

Why identity provider diversity is harder than it looks, and how WorkOS solves it with only one integration.

Learn how to use the WorkOS Sessions API to list and revoke user sessions, implement “sign out everywhere,” and strengthen SaaS security with enterprise-grade session management.

Learn how to implement organization-level feature flags in your B2B SaaS to enable features for specific customers, manage entitlements, and handle rollouts with a step-by-step guide using WorkOS Feature Flags.

On August 7, 2025, MCP Night 2.0 brought together 700 engineers, founders, and researchers at the Regency Ballroom in San Francisco for an evening of demos, discussions, and networking around the Model Context Protocol.

We’ve reimagined our technical interview to focus on what really matters: problem-solving.

Learn how the Model Context Protocol (MCP) handles authentication and authorization using OAuth 2.1 and API keys. This guide covers common patterns, security considerations, current limitations, and how to build a standards-compliant MCP server.

A guide for SaaS teams facing synthetic identity, deepfake, and account abuse risks. Learn how AI-driven fraud is reshaping digital security, and how WorkOS Radar enables real-time detection and prevention before damage is done.

Learn how to leverage Model Context Protocol’s six core features to build secure and scalable AI applications.

Learn the difference between MFA and SSO, why they’re not interchangeable, and how using both creates seamless and secure enterprise access management.

Discover why the decades-old SAML protocol remains indispensable for enterprise SSO and federation, how it compares to modern OpenID Connect, and what the future of identity federation holds.

ChatGPT’s release in late 2022 marked the beginning of the large language model era. But 2024 brought a quieter, more technical shift: the rise of reasoning LLMs. Two years later—how is it actually going?

Step-by-step tutorial that walks you through the necessary steps to add automated user provisioning to your app using SCIM, Google Workspace, Ruby, and WorkOS, with just a few lines of code.

Discover how SCIM (System for Cross-domain Identity Management) transforms B2B SaaS scalability by automating user provisioning, enhancing security, and enabling enterprise growth with WorkOS.

New this month: Convex Integration, Country Blocks, SMS Challenges, Custom Fonts, & More

WorkOS and Convex join forces to bring seamless Enterprise Ready authentication to the modern TypeScript backend.

Anthropic’s Computer Use gives Claude direct control over your desktop, letting it interact with native apps and the web like a human. OpenAI’s Computer Using Agent runs GPT-4o in a secure virtual browser, where it follows high-level instructions to navigate web UIs and complete tasks.

Authenticate users in your Go command-line tool with a secure OAuth 2.0 Device Code flow using WorkOS. This tutorial shows how to implement login via the terminal, step by step.

A complete technical guide to understanding SAML assertions, covering their structure, responses, lifecycle, common errors, debugging best practices, and step-by-step implementation of SAML SSO using WorkOS.

Can an LLM build a non-trivial UI component? I tested Claude, Gemini, and o3 on a tree-based combobox and shared what worked, what didn’t, and where they fell short.

AI-powered deepfakes and impersonation attacks are skyrocketing. Learn real-world examples, defensive strategies, and how WorkOS helps secure enterprise authentication and identity systems.

Explore the key differences between MFA (Multi-Factor Authentication) and Passwordless Authentication. Learn which approach is more secure, user-friendly, and scalable for your organization in 2025.

Authenticate users in your Python command-line tool with a secure OAuth 2.0 Device Code flow using WorkOS. This tutorial shows how to implement login via the terminal, step by step.

A technical deep-dive to building enterprise ready user management in B2B SaaS, covering SSO, SCIM, RBAC, MFA, audit logs, and what to build vs. buy.

Transform your AI-generated prototype into a secure, scalable solution that enterprise customers will actually buy. Learn the essential steps to bridge the gap between Lovable's rapid development and true enterprise readiness.

Lost your phone or can’t access your authenticator app? Learn how backup MFA codes work, why they matter, and how to use them to stay secure and in control.

A practical guide to designing user-friendly multi-factor authentication (MFA) flows that improve security without sacrificing user experience, covering both enrollment and sign-in best practices.

While most companies struggle with AI proof-of-concepts, industry leaders have quietly published the playbooks behind these enterprise successes. Here's what separates Enterprise Ready AI agents from expensive experiements.

How to turn your Model Context Protocol (MCP) server from a developer demo into a secure, scalable, enterprise ready platform, with best practices for auth, identity, governance, and beyond.

42% of companies abandoned most AI initiatives in 2025 — up from just 17% in 2024. After analyzing dozens of enterprise deployments, we found 4 patterns that separate winners from the graveyard of abandoned prototypes.

Learn what SAML is, how it enables secure Single Sign-On (SSO), how it differs from OAuth, and how to set it up, all explained in plain English.

Learn how to add enterprise-grade OAuth2 authentication to XMCP servers with AuthKit in just a few lines of configuration. Perfect for securing AI tools, multi-tenant platforms, and internal applications.

Learn how SSO and automated user provisioning help B2B SaaS companies meet compliance standards like SOC 2, ISO 27001, HIPAA, and GDPR, and how WorkOS can get you enterprise-ready fast.

A comprehensive guide to the OAuth 2.0 Authorization Code Grant, including how the flow works, how to implement it with PKCE, and what’s new in OAuth 2.1.

Learn how to add Multi-Factor Authentication (MFA) to your homegrown authentication system using WorkOS, with detailed code examples for TOTP and SMS-based flows.

A technical dive into man-in-the-middle (MITM) attacks—how they work, real-world tactics used by attackers, and best-practice defenses to protect software systems, APIs, and network traffic.

A beginner-friendly introduction to AI agents, exploring what they are, how they work, the different types, and why they matter in today’s AI-driven world.

Learn how MCP Roots define resource boundaries in distributed systems, enabling clients to scope server behavior with clear, URI-based context declarations.

Authenticate users in your Node.js command-line tool with a secure OAuth 2.0 Device Code flow using WorkOS. This tutorial shows how to implement login via the terminal, step by step.

These agentic AI examples in Python show the difference between systems that can reason and make decisions autonomously, and traditional more deterministic programming paradigms.

Not long ago, we worked hard to keep bots off our websites. Today, we’re optimizing for them, especially LLMs like GPT and Claude. Here's how companies are opening up their content, while still fighting abuse where it counts.

SMS-based multi-factor authentication (MFA) is still common, but it's fundamentally insecure. This article explains why developers should avoid SMS MFA and adopt stronger, phishing-resistant alternatives like TOTP and WebAuthn.

We built an MCP server template with Vercel's MCP adapter and secured by WorkOS AuthKit that you can use to rapidly deploy secured MCP servers globally.

Learn how Single Sign-On (SSO) works, the differences between SAML and OIDC, and how to add enterprise-grade authentication to your app in minutes with WorkOS.

A technical deep dive into the key differences between B2B and consumer authentication, with real-world examples and a breakdown of how WorkOS simplifies enterprise-ready auth.

Learn how to design APIs, documentation, authentication, and UIs that LLM-powered AI agents can reliably use. This guide covers agent-friendly patterns for error handling, rate limiting, pricing, and product integration.

A visual overview of how Causal, Predictive, Generative, and Agentic AI relate — and why understanding their interplay matters for building smarter systems.

Make your website legible and preferred by LLMs like ChatGPT and Claude. A practical guide to modern SEO for AI crawlers, structured data, and bot-friendly surfaces, without compromising security.

New this month: Custom CSS for AuthKit, WorkOS Feature Flags, CLI Auth, & more

Learn how to design, build, and test AI agents powered by LLMs. This guide covers model selection, tool usage, prompt design, agent orchestration, authentication, and safety best practices.

Allow users to sign in via CLIs and on TVs and other non-traditional devices

Connect AuthKit to the tools you already use.

Now you can integrate WorkOS as a third-party auth provider in Supabase—unlocking Enterprise Ready authentication for your app in minutes.

Designed for B2B applications, Feature Flags let you easily create organization-specific rules and roll out new features faster and more safely. Best of all, they’re integrated with AuthKit and can be enabled with just a few clicks.

Now you can tailor your AuthKit login experience with precision using custom CSS—style individual elements, test hover states, and preserve your changes as you go. All without sacrificing core functionality.

A new runtime feature in the MCP ecosystem lets servers ask the user for exactly the context they need—when they need it.

Think you're ready for enterprise? This guide breaks down the capabilities you need to launch a true Enterprise Plan—and how WorkOS can help you get there.

MFA is everywhere — and attackers are still getting in. Here’s why your setup might be weaker than you think.

Behind every secure MCP integration is a stack of OAuth standards working in harmony. Learn how they combine to deliver seamless authorization for LLMs.

We added a request-scoped query-cache layer to our API backend (NestJS + TypeORM + CLS) that cut duplicate database reads by ~30%, with zero code changes to individual queries, no stale-data risk, and no cross-request leakage.

Why traditional authentication fails for AI agents and the new identity patterns—from persona shadowing to capability tokens—that will secure our agent-driven future.

A practical guide for AI startups on what it really means to be Enterprise Ready—beyond model performance. Learn what enterprises expect and how to meet those demands without rebuilding your stack.

Get the latest WorkOS context, docs, examples and changelogs where you're already working with the WorkOS MCP docs server.

Learn how identity integration drives adoption, reduces churn, and helps top SaaS companies become indispensable from day one.

Professional knowledge workers use AI tools more efficiently, because they understand how to manage context. Learn the best tactics to uplevel your entire organization.

AI can do a lot on its own, but it still needs your help. Learn why keeping humans in the loop makes AI smarter, safer, and more useful.

From REST APIs to message queues and the Model Context Protocol—discover the building blocks that power system-aware AI.

Step-by-step tutorial on how to add an organization switcher to your app using React and WorkOS.

The humble bearer token, explained—plus tips to use it safely and avoid common mistakes.

New this month: MCP Authorization, update user emails, SAML custom attributes, & more

From helpful assistants to unpredictable actors, AI agents introduce powerful capabilities—and serious security risks. This guide breaks down how to authenticate them, control what they can access, and defend your systems when things go wrong.

A behind-the-scenes look at the core components of an MCP server — from request handling and session orchestration to caching and context stores.

Give Codex a bug report and it will spend the next 30 minutes debugging, writing tests, and submitting a pull request—while you grab coffee. What does it mean for developers?

What would you do if every new “user” signing up for your app cost you money?

A practical guide for developers implementing secure, user-friendly login flows on smart TVs, IoT devices, and CLIs.

Explore how MCP transforms server logic with AI-powered completions, human approvals, and transparent workflows.

A step-by-step guide to diagnose, fix, and prevent email delivery issues.

Enterprise customers want to bring their own keys. You don’t want to build the infrastructure to support it. WorkOS Vault bridges the gap with the fastest way to ship BYOK.

On May 14, 2025, we threw the first-ever MCP Night, at the Exploratorium in San Francisco, dedicated to one of the most exciting developments in applied AI: the Model Context Protocol (MCP).

SAML might look simple, but under the hood, it’s a legacy minefield of XML signatures, IdP quirks, and security pitfalls. Here’s why building it yourself is a guaranteed regret.

Platforms like OpenAI Codex and Google Jules are taking a swing at distributed cognition for software teams. What does this mean?

Agno is an open-source framework that helps you build clean, composable and Pythonic agentic applications with tools, memory and reasoning capabilities.

A developer’s guide to identifying and fixing the most common security flaws in Single-page applications.

Step-by-step tutorial that walks you through the necessary steps to add automated user provisioning to your app using SCIM, Entra ID, Node, and WorkOS, with just a few lines of code.

Learn what’s changed in OAuth 2.1, including the removal of implicit flow, mandatory PKCE, and modern refresh token strategies. This guide walks you through the security upgrades and offers a clear migration checklist to help you stay compliant and secure.

A practical guide to avoiding common pitfalls and implementing security best practices across both internal and third-party API integrations.

What if the most practical security guidance didn’t come from a startup, but from a government agency? Read how NIST’s peer-reviewed frameworks are powering real-world security.