We’ve reimagined our technical interview to focus on what really matters: problem-solving.

Learn how the Model Context Protocol (MCP) handles authentication and authorization using OAuth 2.1 and API keys. This guide covers common patterns, security considerations, current limitations, and how to build a standards-compliant MCP server.

A guide for SaaS teams facing synthetic identity, deepfake, and account abuse risks. Learn how AI-driven fraud is reshaping digital security, and how WorkOS Radar enables real-time detection and prevention before damage is done.

Learn how to leverage Model Context Protocol’s six core features to build secure and scalable AI applications.

Learn the difference between MFA and SSO, why they’re not interchangeable, and how using both creates seamless and secure enterprise access management.

Discover why the decades-old SAML protocol remains indispensable for enterprise SSO and federation, how it compares to modern OpenID Connect, and what the future of identity federation holds.

ChatGPT’s release in late 2022 marked the beginning of the large language model era. But 2024 brought a quieter, more technical shift: the rise of reasoning LLMs. Two years later—how is it actually going?

Step-by-step tutorial that walks you through the necessary steps to add automated user provisioning to your app using SCIM, Google Workspace, Ruby, and WorkOS, with just a few lines of code.

Discover how SCIM (System for Cross-domain Identity Management) transforms B2B SaaS scalability by automating user provisioning, enhancing security, and enabling enterprise growth with WorkOS.

New this month: Convex Integration, Country Blocks, SMS Challenges, Custom Fonts, & More

WorkOS and Convex join forces to bring seamless Enterprise Ready authentication to the modern TypeScript backend.

Anthropic’s Computer Use gives Claude direct control over your desktop, letting it interact with native apps and the web like a human. OpenAI’s Computer Using Agent runs GPT-4o in a secure virtual browser, where it follows high-level instructions to navigate web UIs and complete tasks.

Authenticate users in your Go command-line tool with a secure OAuth 2.0 Device Code flow using WorkOS. This tutorial shows how to implement login via the terminal, step by step.

A complete technical guide to understanding SAML assertions, covering their structure, responses, lifecycle, common errors, debugging best practices, and step-by-step implementation of SAML SSO using WorkOS.

Can an LLM build a non-trivial UI component? I tested Claude, Gemini, and o3 on a tree-based combobox and shared what worked, what didn’t, and where they fell short.

AI-powered deepfakes and impersonation attacks are skyrocketing. Learn real-world examples, defensive strategies, and how WorkOS helps secure enterprise authentication and identity systems.

Explore the key differences between MFA (Multi-Factor Authentication) and Passwordless Authentication. Learn which approach is more secure, user-friendly, and scalable for your organization in 2025.

Authenticate users in your Python command-line tool with a secure OAuth 2.0 Device Code flow using WorkOS. This tutorial shows how to implement login via the terminal, step by step.

A technical deep-dive to building enterprise ready user management in B2B SaaS, covering SSO, SCIM, RBAC, MFA, audit logs, and what to build vs. buy.

Transform your AI-generated prototype into a secure, scalable solution that enterprise customers will actually buy. Learn the essential steps to bridge the gap between Lovable's rapid development and true enterprise readiness.

Lost your phone or can’t access your authenticator app? Learn how backup MFA codes work, why they matter, and how to use them to stay secure and in control.

A practical guide to designing user-friendly multi-factor authentication (MFA) flows that improve security without sacrificing user experience, covering both enrollment and sign-in best practices.

While most companies struggle with AI proof-of-concepts, industry leaders have quietly published the playbooks behind these enterprise successes. Here's what separates Enterprise Ready AI agents from expensive experiements.

How to turn your Model Context Protocol (MCP) server from a developer demo into a secure, scalable, enterprise ready platform, with best practices for auth, identity, governance, and beyond.

42% of companies abandoned most AI initiatives in 2025 — up from just 17% in 2024. After analyzing dozens of enterprise deployments, we found 4 patterns that separate winners from the graveyard of abandoned prototypes.

Learn what SAML is, how it enables secure Single Sign-On (SSO), how it differs from OAuth, and how to set it up, all explained in plain English.

Learn how to add enterprise-grade OAuth2 authentication to XMCP servers with AuthKit in just a few lines of configuration. Perfect for securing AI tools, multi-tenant platforms, and internal applications.

Learn how SSO and automated user provisioning help B2B SaaS companies meet compliance standards like SOC 2, ISO 27001, HIPAA, and GDPR, and how WorkOS can get you enterprise-ready fast.

A comprehensive guide to the OAuth 2.0 Authorization Code Grant, including how the flow works, how to implement it with PKCE, and what’s new in OAuth 2.1.

Learn how to add Multi-Factor Authentication (MFA) to your homegrown authentication system using WorkOS, with detailed code examples for TOTP and SMS-based flows.

A technical dive into man-in-the-middle (MITM) attacks—how they work, real-world tactics used by attackers, and best-practice defenses to protect software systems, APIs, and network traffic.

A beginner-friendly introduction to AI agents, exploring what they are, how they work, the different types, and why they matter in today’s AI-driven world.

Learn how MCP Roots define resource boundaries in distributed systems, enabling clients to scope server behavior with clear, URI-based context declarations.

Authenticate users in your Node.js command-line tool with a secure OAuth 2.0 Device Code flow using WorkOS. This tutorial shows how to implement login via the terminal, step by step.

These agentic AI examples in Python show the difference between systems that can reason and make decisions autonomously, and traditional more deterministic programming paradigms.

Not long ago, we worked hard to keep bots off our websites. Today, we’re optimizing for them, especially LLMs like GPT and Claude. Here's how companies are opening up their content, while still fighting abuse where it counts.

SMS-based multi-factor authentication (MFA) is still common, but it's fundamentally insecure. This article explains why developers should avoid SMS MFA and adopt stronger, phishing-resistant alternatives like TOTP and WebAuthn.

We built an MCP server template with Vercel's MCP adapter and secured by WorkOS AuthKit that you can use to rapidly deploy secured MCP servers globally.

Learn how Single Sign-On (SSO) works, the differences between SAML and OIDC, and how to add enterprise-grade authentication to your app in minutes with WorkOS.

A technical deep dive into the key differences between B2B and consumer authentication, with real-world examples and a breakdown of how WorkOS simplifies enterprise-ready auth.

Learn how to design APIs, documentation, authentication, and UIs that LLM-powered AI agents can reliably use. This guide covers agent-friendly patterns for error handling, rate limiting, pricing, and product integration.

A visual overview of how Causal, Predictive, Generative, and Agentic AI relate — and why understanding their interplay matters for building smarter systems.

Make your website legible and preferred by LLMs like ChatGPT and Claude. A practical guide to modern SEO for AI crawlers, structured data, and bot-friendly surfaces, without compromising security.

New this month: Custom CSS for AuthKit, WorkOS Feature Flags, CLI Auth, & more

Learn how to design, build, and test AI agents powered by LLMs. This guide covers model selection, tool usage, prompt design, agent orchestration, authentication, and safety best practices.

Allow users to sign in via CLIs and on TVs and other non-traditional devices

Connect AuthKit to the tools you already use.

Now you can integrate WorkOS as a third-party auth provider in Supabase—unlocking Enterprise Ready authentication for your app in minutes.

Designed for B2B applications, Feature Flags let you easily create organization-specific rules and roll out new features faster and more safely. Best of all, they’re integrated with AuthKit and can be enabled with just a few clicks.

Now you can tailor your AuthKit login experience with precision using custom CSS—style individual elements, test hover states, and preserve your changes as you go. All without sacrificing core functionality.

A new runtime feature in the MCP ecosystem lets servers ask the user for exactly the context they need—when they need it.

Think you're ready for enterprise? This guide breaks down the capabilities you need to launch a true Enterprise Plan—and how WorkOS can help you get there.

MFA is everywhere — and attackers are still getting in. Here’s why your setup might be weaker than you think.

Behind every secure MCP integration is a stack of OAuth standards working in harmony. Learn how they combine to deliver seamless authorization for LLMs.

We added a request-scoped query-cache layer to our API backend (NestJS + TypeORM + CLS) that cut duplicate database reads by ~30%, with zero code changes to individual queries, no stale-data risk, and no cross-request leakage.

Why traditional authentication fails for AI agents and the new identity patterns—from persona shadowing to capability tokens—that will secure our agent-driven future.

A practical guide for AI startups on what it really means to be Enterprise Ready—beyond model performance. Learn what enterprises expect and how to meet those demands without rebuilding your stack.

Get the latest WorkOS context, docs, examples and changelogs where you're already working with the WorkOS MCP docs server.

Learn how identity integration drives adoption, reduces churn, and helps top SaaS companies become indispensable from day one.

Professional knowledge workers use AI tools more efficiently, because they understand how to manage context. Learn the best tactics to uplevel your entire organization.

AI can do a lot on its own, but it still needs your help. Learn why keeping humans in the loop makes AI smarter, safer, and more useful.

From REST APIs to message queues and the Model Context Protocol—discover the building blocks that power system-aware AI.

Step-by-step tutorial on how to add an organization switcher to your app using React and WorkOS.

The humble bearer token, explained—plus tips to use it safely and avoid common mistakes.

New this month: MCP Authorization, update user emails, SAML custom attributes, & more

From helpful assistants to unpredictable actors, AI agents introduce powerful capabilities—and serious security risks. This guide breaks down how to authenticate them, control what they can access, and defend your systems when things go wrong.

A behind-the-scenes look at the core components of an MCP server — from request handling and session orchestration to caching and context stores.

Give Codex a bug report and it will spend the next 30 minutes debugging, writing tests, and submitting a pull request—while you grab coffee. What does it mean for developers?

What would you do if every new “user” signing up for your app cost you money?

A practical guide for developers implementing secure, user-friendly login flows on smart TVs, IoT devices, and CLIs.

Explore how MCP transforms server logic with AI-powered completions, human approvals, and transparent workflows.

A step-by-step guide to diagnose, fix, and prevent email delivery issues.

Enterprise customers want to bring their own keys. You don’t want to build the infrastructure to support it. WorkOS Vault bridges the gap with the fastest way to ship BYOK.

On May 14, 2025, we threw the first-ever MCP Night, at the Exploratorium in San Francisco, dedicated to one of the most exciting developments in applied AI: the Model Context Protocol (MCP).

SAML might look simple, but under the hood, it’s a legacy minefield of XML signatures, IdP quirks, and security pitfalls. Here’s why building it yourself is a guaranteed regret.

Platforms like OpenAI Codex and Google Jules are taking a swing at distributed cognition for software teams. What does this mean?

Agno is an open-source framework that helps you build clean, composable and Pythonic agentic applications with tools, memory and reasoning capabilities.

A developer’s guide to identifying and fixing the most common security flaws in Single-page applications.

Step-by-step tutorial that walks you through the necessary steps to add automated user provisioning to your app using SCIM, Entra ID, Node, and WorkOS, with just a few lines of code.

Learn what’s changed in OAuth 2.1, including the removal of implicit flow, mandatory PKCE, and modern refresh token strategies. This guide walks you through the security upgrades and offers a clear migration checklist to help you stay compliant and secure.

A practical guide to avoiding common pitfalls and implementing security best practices across both internal and third-party API integrations.

What if the most practical security guidance didn’t come from a startup, but from a government agency? Read how NIST’s peer-reviewed frameworks are powering real-world security.

OAuth 2.0 just got a major upgrade in how resources describe themselves — find out what RFC 9728 introduces and why it matters.

From expired assertions to signature fails — a survival guide for anyone who's ever screamed at a SAML error message.

How to avoid common pitfalls and build resilient auth systems in on-prem and hybrid setups.

Misconfigured SAML metadata is one of the most overlooked causes of SSO failures. Learn how to spot hidden risks—and fix them before they break your login flow.

New this month: SSO Role Mapping, Schema-Based Policies, On-Prem Guides, and more

Mastra is a TypeScript framework for agentic apps. In this post, we'll use it to build an agentic app that can fetch data from GitHub in less than 5 minutes.

oRPC (OpenAPI Remote Procedure Call) combines the familiarity of RPC with the industry-standard OpenAPI spec so that every request/response is fully typed from client to server. 

A deep dive on how pooled connections work in the Elixir DBConnection library.

How to utilize delta conflict-free replicated data types for managing distributed cache or configuration state on an Elixir cluster.

Session management is hard. Refresh tokens make it easier—and safer. This guide breaks down how they work, why you need them, and how to avoid common mistakes (with code included).

IBM Research’s Agent Communication Protocol (ACP) provides autonomous agents with a common “wire format” for talking to each other. But how does it differ from MCP and A2A?

A deep dive into the messy world of SAML signature verification bugs — complete with real examples, cautionary tales, and practical tips to keep your app out of trouble.

Think of MCP as “plug this model into my data” and A2A as “now let several specialised models talk to each other.”

Confused by versioning? This guide breaks down the top strategies to help you pick the right one, keeping your project organized and your users in the loop.

Until now, plugging your existing user authentication system into MCP servers was tricky. That’s where WorkOS and Cloudflare step in.

ArkType is a TypeScript-first runtime validation library built to erase the boundary between static type safety and runtime enforcement.

Everything you need to know to implement and validate JWTs securely in Python — from signing to verifying with JWKS, with code examples and best practices throughout.

Prisma is one of the most popular Object-Relational Mappers (ORMs) in the TypeScript/JavaScript ecosystem due to its robust type-safety guarantees and seamless integration with frameworks like Next.js.