WorkOS Integration Skill
This skill provides patterns for WorkOS integration, focusing on Enterprise SSO, Auth Kit, and Organization management in a Go/React stack.
Architectural Standards
1. Auth Kit & AuthLinks
- •Auth Kit: Use the hosted UI for login/Sign-up. Handle the redirect in Go using
workos.UserManagement.AuthenticateWithCode. - •AuthLink: Programmatically generate AuthLinks for enterprise customers to allow them to self-configure SSO.
- •FIDC: Handle "Fraud & Identity Identity Checks" by validating the
risk_scorein the user profile if enabled.
2. Organization Management (Multi-tenancy)
- •Frictionless Onboarding: Use "Domain Verification" to automatically assign users to Orgs.
- •SCIM Directory Sync: Implement Go handlers for WorkOS SCIM webhooks. Sync
directory_user.createdanddirectory_user.deletedevents to your local DB. - •Admin Portal: Link to the WorkOS Admin Portal for "Zero-code" SSO configuration by the customer.
3. Go Backend Security
- •Webhook Validation: MANDATORY to use
workos.ValidatePayload(payload, sig, secret)for all webhooks. - •JWT Verification: WorkOS uses public keys for JWT signature verification. Fetch and cache these keys periodically.
- •Context Isolation: Ensure every Go service call includes the
organization_idextracted from the WorkOS session.
4. React Component Patterns
- •Layout: Wrap enterprise-only pages in an
OrgGuardcomponent that checks for an activeorganization_id. - •Management: Build custom UI for "Organization Invitations" using the WorkOS API to invite users by email.
Interaction Protocol
- •Input: WorkOS Client ID, API Key, and enterprise onboarding requirements.
- •Output: Go handlers for SSO/SCIM/AuthKit and React integration code.
Tag: Start your response with [WORKOS-AUTH].