How AI agents get hijacked, poisoned, and over-privileged, and why identity is the fix for most of it.

How comparing login timestamps and locations catches credential theft before attackers get in.

Let users sync their GitLab projects in your app, using a fresh access token, without writing any OAuth logic.

Understand why scopes and claims serve different roles in OAuth 2.0 and OpenID Connect, and how to design around each.

A developer's guide to registering redirect URIs per environment, debugging "invalid redirect URI" errors, and knowing when to use impersonation instead.

Authentication doesn't end at login. For modern SaaS applications, the real security perimeter is the token, and attackers know it.

Architecture, auth, ecosystem, and the 2026 roadmap for the protocol that connects AI to everything.

Why skipping audience validation lets attackers replay tokens across services, and how to fix it.

Add a "Sign in with Slack" button to your app in minutes using WorkOS AuthKit.

Decode, verify, and inspect JWTs; built by the team that does auth for a living.

Common threats from sign-up to sign-in: what can go wrong, how attackers exploit it, and how to stop them.

A practical comparison of the two protocols reshaping how agents pay for services in 2026.

A practical comparison of modern auth providers, trade-offs, and best practices for React Router apps.

The Model Context Protocol's 2026 roadmap acknowledges what enterprises deploying MCP at scale already know: the protocol has real gaps in auth, observability, gateway patterns, and configuration portability. Here's what's on the table and why it matters.

Azure Entra ID doesn't support deep nested group expansion over SCIM, which catches a lot of teams off guard when setting up Directory Sync. This post explains exactly why that limitation exists, three practical patterns to work around it, and how the situation compares to Google Workspace.

Add production-ready authentication to your FastAPI server in under an hour.

Use AI coding agents and WorkOS Skills to generate production-ready flows in your framework, language, and design system.

A practical guide for developers working with cross-origin requests. Every frustrating console message, and the headers that fix them.

Grant agents time-limited access to OAuth connections using Pipes and MCP.

Everyone thinks AI routing means swapping models. The bigger game is tool routing — giving your agent image gen, video, voice, and search via MCP and skills.

Why skipping issuer validation is the most common JWT security mistake, and how to fix it.

Develop with WorkOS entirely from your terminal, with agent-ready tooling built in.

Lost all your AI session data switching computers? Here's how to externalize your context into Obsidian, Linear, and git so any agent can pick it up.

MiniMax M2.5 processes more tokens on OpenRouter than any other model. Here's why I use it as the chat frontline for my AI agent.

A practical guide to understanding, preventing, and defending against the #1 vulnerability in LLM applications.

User and organization insights, built directly into AuthKit.

Different AI models catch different mistakes. Here's why I run Cursor Bugbot on every Claude Code PR.

With the Excalidraw skill , agents can draw anything — including their own architecture. Here's why that's worth doing...

Voice messages from your phone, transcribed and executed by your AI agent, which then upgrades itself. The ChatOps self-improvement loop.

Knowledge compression, time compression, skill compression — understanding the unifying pattern behind what AI tooling is actually doing.

Running Claude Opus for every AI agent request was untenable. Here's how tiered model routing via OpenRouter cut costs 17x.

First-class application support in WorkOS with per-app client IDs, session policies, and shared identity.

REST APIs serve developers. MCP serves AI agents. Learn how the two protocols layer together and when your API needs both.

A 2026 guide to the best SCIM providers for SaaS teams that need enterprise ready user provisioning.

Autonomous agents are becoming first-class API consumers. Your authorization model needs to treat them that way.

A step-by-step tutorial to adding authentication to your Replit app with WorkOS AuthKit.

A complete reference to JSON Web Key Sets: structure, algorithms, endpoints, and key rotation.

How to create Salesforce Lead records on behalf of your users in minutes, without writing a single line of OAuth plumbing, using WorkOS Pipes.

Add a "Sign in with Apple" button to your Next.js app in minutes using WorkOS AuthKit.

A step-by-step tutorial to adding authentication to your Lovable app with WorkOS AuthKit.

How we built a complete AI-driven go-to-market pipeline in one live workshop using Claude Code and Cowork.

How to post Slack messages to your users' workspaces in minutes, without writing a single line of OAuth plumbing, using WorkOS Pipes.

How I built a practical evaluation workflow to improve LLM reliability in real-world projects.

Why your password policy is probably wrong, how attackers actually crack passwords, and what the math says you should do instead.

Why the dashboard is the last step that automation hasn't touched.

Better Auth works; until it doesn't. Here's what to use instead.

WorkOS has raised $100 million in Series C financing, valuing the company at $2 billion. The round was led by Meritech and Sapphire, with participation from Audacious, Craft, Abstract, Greenoaks, and others.

Master secure authentication in Rails with production-ready patterns and enterprise features.

A practical comparison of modern auth providers, trade-offs, and best practices for Java apps.

Enterprise authentication solutions for Next.js apps outgrowing NextAuth.

The top authorization platforms for controlling AI agent access to your application's resources.

Add a 'Continue with Vercel' button to your Next.js app in minutes using WorkOS AuthKit.

Master secure authentication patterns across Django, FastAPI, and Flask, with production-ready examples for 2026.

A practical comparison of modern auth providers, trade-offs, and best practices for .NET apps.

A complete guide to authentication patterns, security best practices, and enterprise features in Next.js App Router.

As agents move at machine speed, your authorization layer must keep up. Today, we’re introducing WorkOS Fine-Grained Authorization, built for AI agents.

A practical comparison of modern auth providers, trade-offs, and best practices for Go apps and services.

How to choose the right authentication platform for your application and avoid a costly migration down the road.

A deep dive into Login CSRF risks and the layered security controls WorkOS uses to protect authentication flows.

A practical comparison of modern auth providers, trade-offs, and best practices for Flask apps.

A practical comparison of modern auth providers, trade-offs, and best practices for FastAPI apps.

A practical comparison of modern auth providers, trade-offs, and best practices for Django apps.

A practical comparison of modern auth providers, trade-offs, and best practices for Laravel apps.

How Claude and ChatGPT became platforms, why MCP Apps are the new mobile apps, and what to build first.

A practical comparison of modern auth providers, trade-offs, and best practices for Remix apps.

A practical comparison of modern auth providers, trade-offs, and best practices for Node.js architecture.

WorkOS AI-powered Installer, Node SDK v8, new Pipes providers, & more

A practical comparison of modern auth providers, trade-offs, and best practices for Rails apps.

How OpenAI, Slack, and GitHub are splitting architectures to keep sensitive content in-region while routing identity globally, and why most enterprises accept the trade-off.

The xmcp framework now ships with a first-party WorkOS plugin, making it easy to add OAuth 2.0 authentication to your MCP servers with just a few lines of code.

A conversation with Remy Guercio about Tailscale's AI gateway

What are MCP apps and why they’re going to change how you build apps on Claude and ChatGPT.

A practical comparison of modern auth providers, trade-offs, and best practices for React apps.

Build a JavaScript app that lets users connect Google Drive and list their files in your app, without doing any of the OAuth plumbing work, using WorkOS Pipes.

Build a JavaScript app that lets users connect Google Calendar and list their calendar events with a refreshed access token, using WorkOS Pipes.

A practical comparison of modern auth providers, trade-offs, and best practices for TanStack Start’s server-first architecture.

Build a Node app that lets users connect Linear and list their issues with a refreshed access token, without implementing OAuth.

A practical comparison of modern auth providers, trade-offs, and best practices for App Router–based Next.js applications.

Build a Node app that lets users connect GitHub and list their repos with a refreshed access token, without implementing OAuth.

Step-by-step tutorial that walks you through the necessary steps to add automated user provisioning to your Laravel app using SCIM, Okta, and WorkOS, with just a few lines of code.

Engineering leadership at WorkOS blends product ownership, technical stewardship, and people leadership. Engineering managers stay close to the code, the team, and customers.

A practical guide for adding enterprise SSO to an existing auth system without rebuilding everything

Building modern applications increasingly means connecting to multiple third-party services. We built Pipes to handle OAuth flows, token management, and provider setup for you.

A conversation with Andrew Qu, CTO of Vercel.

A conversation with Ajay Kulkarni from Tiger Data.

A conversation with Zack Kanter, CEO of Stedi, at AWS re:Invent 2025.

A conversation with Sam Lambert, CEO of PlanetScale.

A conversation with Eric Bernhardsson, CEO of Modal

A conversation with Laurens Van Houtven from Latacora

A conversation with Taylor Otwell, creator of Laravel, at AWS re:Invent 2025.

A conversation with Brian Scanlan from Intercom at AWS re:Invent 2025.

A conversation with Chris Evans, CTO at Incident.io.

A conversation with Forrest Brazeal from Freeman & Forrest

A conversation with Kyle Galbraith from Depot at re:Invent 2025.

A conversation with William Pienaar, co-founder and CTO of Cleric.

A conversation with Ronak Desai from Ciroos at AWS re:Invent 2025.

A conversation with Paul Klein from Browserbase.

A conversation with Philip Kiely from Baseten at AWS re:Invent 2025.

A conversation with the hosts of Acquired podcast.

We spent a week at re:Invent interviewing founders, CTOs, and builders across the developer tools ecosystem. Here's everything we learned.