SDKs overview
WorkOS provides a suite of Software Development Kits (SDKs) designed to streamline the integration of enterprise-grade features into B2B SaaS applications. These features include Single Sign-On (SSO) via SAML or OIDC, Directory Sync using SCIM, Audit Logs, and Magic Link authentication. The SDKs abstract the underlying RESTful API interactions, offering idiomatic interfaces for various programming languages. This approach aims to reduce the development effort required to implement complex enterprise authentication and user management workflows, allowing developers to focus on their core product functionality while offloading the intricacies of enterprise identity protocols to WorkOS.
The WorkOS platform emphasizes a narrow API surface, with each endpoint specifically tailored to an enterprise-tier use case, simplifying the integration process. The SDKs are maintained by WorkOS and are available for common backend languages, ensuring broad compatibility for development teams. Beyond the official offerings, a community of developers contributes to additional libraries and integrations, extending the ecosystem.
WorkOS's architecture is designed to support scalable enterprise integrations, particularly for products transitioning from a product-led growth (PLG) model to serving larger organizations that require advanced security and compliance features. This includes support for various identity providers and directory services, which the SDKs help facilitate through standardized interfaces. The SDKs also integrate with the WorkOS Admin Portal, which allows customers to self-configure their SAML or OIDC connections without requiring developer intervention from the integrating application's side, as detailed in the WorkOS Admin Portal documentation.
Official SDKs by language
WorkOS maintains official SDKs for several popular programming languages, providing comprehensive support for its API. These SDKs are developed to follow the best practices of each language ecosystem, offering type safety, clear error handling, and consistent method naming. The official SDKs are the recommended method for integrating with the WorkOS API due to their direct support from WorkOS, ongoing maintenance, and alignment with API changes.
The following table lists the official SDKs, their respective package identifiers, typical installation commands, and maturity status:
| Language | Package/Module | Installation Command | Maturity |
|---|---|---|---|
| Node.js | @workos-inc/node |
npm install @workos-inc/node or yarn add @workos-inc/node |
Stable |
| Python | workos |
pip install workos-python |
Stable |
| Ruby | workos |
Add gem 'workos' to Gemfile, then bundle install |
Stable |
| PHP | workos/workos-php |
composer require workos/workos-php |
Stable |
| Go | github.com/workos/workos-go |
go get github.com/workos/workos-go |
Stable |
| Java | com.workos:workos-java (Maven) |
Add dependency to pom.xml or build.gradle |
Stable |
| .NET | WorkOS (NuGet) |
dotnet add package WorkOS |
Stable |
Each SDK is designed to provide comprehensive access to WorkOS features, including Single Sign-On, Directory Sync, Audit Logs, and the Admin Portal. Developers can find detailed API references and usage examples for each SDK within the WorkOS documentation, which often includes language-specific code snippets for common tasks.
Installation
The installation process for WorkOS SDKs typically follows the standard package management practices for each respective programming language. Below are general installation instructions for the officially supported SDKs:
- Node.js: For Node.js applications, the SDK is available via npm or Yarn. Execute
npm install @workos-inc/nodeoryarn add @workos-inc/nodein your project directory. - Python: Python developers can install the SDK using pip. Run
pip install workos-pythonin your virtual environment. - Ruby: For Ruby on Rails or other Ruby projects, add
gem 'workos'to yourGemfileand then runbundle installfrom your terminal. - PHP: PHP projects using Composer can install the SDK with
composer require workos/workos-php. - Go: Go modules are used for installation. Execute
go get github.com/workos/workos-goto add the SDK to your project. - Java: Java projects typically use Maven or Gradle. Add the
com.workos:workos-javadependency to yourpom.xml(Maven) orbuild.gradle(Gradle) file. Specific dependency snippets are available in the Java SDK reference. - .NET: For .NET applications, the SDK is available as a NuGet package. Use the .NET CLI command
dotnet add package WorkOSor install it via the NuGet Package Manager in Visual Studio.
After installation, it is common practice to initialize the SDK with your WorkOS API Key and Client ID, which are obtained from your WorkOS Dashboard. These credentials are used to authenticate your application with the WorkOS API, as demonstrated in the WorkOS API keys documentation. Environment variables are often recommended for storing sensitive API keys to prevent them from being committed into source control.
Quickstart example
A common use case for WorkOS SDKs is implementing Single Sign-On (SSO) for enterprise customers. The following Node.js example demonstrates how to initialize the WorkOS SDK, generate an authorization URL for an SSO flow, and handle the callback after a user authenticates with their Identity Provider. This example assumes a basic Express.js server setup.
// app.js
const express = require('express');
const { WorkOS } = require('@workos-inc/node');
const session = require('express-session');
const app = express();
const port = 3000;
// Initialize WorkOS with your API Key
const workos = new WorkOS(process.env.WORKOS_API_KEY);
// Configure session management
app.use(session({
secret: process.env.SESSION_SECRET || 'super-secret-key',
resave: false,
saveUninitialized: true,
cookie: { secure: process.env.NODE_ENV === 'production' }
}));
// Set up routes
app.get('/', (req, res) => {
res.send(`
<h1>Welcome</h1>
<p>Click to log in with Enterprise SSO.</p>
<a href="/login">Log In</a>
`);
});
app.get('/login', (req, res) => {
// Generate the WorkOS authorization URL for an SSO flow
// Replace 'YOUR_ORGANIZATION_ID' with the actual WorkOS Organization ID
// The redirect URI must be registered in your WorkOS Dashboard
const authorizationUrl = workos.sso.getAuthorizationUrl({
organization: 'YOUR_ORGANIZATION_ID',
redirectUri: 'http://localhost:3000/auth/callback',
state: 'some-random-state-value' // Protect against CSRF
});
res.redirect(authorizationUrl);
});
app.get('/auth/callback', async (req, res) => {
try {
const { code } = req.query;
const { profile, organizationId } = await workos.sso.getProfileAndToken({
code,
redirectUri: 'http://localhost:3000/auth/callback',
});
// Store user profile in session or database
req.session.user = profile;
req.session.organizationId = organizationId;
res.send(`
<h1>Logged in successfully!</h1>
<p>User ID: ${profile.id}</p>
<p>Email: ${profile.email}</p>
<p>Organization ID: ${organizationId}</p>
<a href="/">Go Home</a>
`);
} catch (error) {
console.error('Error during SSO callback:', error);
res.status(500).send('Authentication failed.');
}
});
app.listen(port, () => {
console.log(`Server listening at http://localhost:${port}`);
});
This snippet illustrates the basic flow:
- Initialization: The WorkOS SDK is initialized with an API key.
- Authorization URL Generation: When a user initiates login, the
getAuthorizationUrlmethod is called with the WorkOS Organization ID and a redirect URI. This generates a URL that redirects the user to their organization's Identity Provider. - Callback Handling: After successful authentication with the Identity Provider, the user is redirected back to the specified
redirectUriwith an authorizationcode. - Profile Retrieval: The
getProfileAndTokenmethod exchanges thecodefor user profile information and the associated organization ID. This information can then be used to create or authenticate a user in your application's database.
For a complete guide, including setting up environment variables and testing, refer to the WorkOS SSO Quickstart Guide.
Community libraries
While WorkOS provides official SDKs for major programming languages, the developer community occasionally creates and maintains additional libraries or integrations. These community-driven projects can offer support for less common languages, specific frameworks, or niche use cases not covered by the official SDKs. Community libraries may vary in terms of their features, maintenance frequency, and adherence to the latest WorkOS API versions.
Developers considering using a community library should evaluate its documentation, active development status, and community support. It is advisable to check the official WorkOS documentation or community forums for any recommended or well-regarded third-party tools. For instance, while WorkOS does not officially provide a direct client-side SDK for web browsers, developers might find community examples or patterns for integrating WorkOS-powered authentication flows within client-side JavaScript applications by using the backend SDKs to generate URLs and handle callbacks securely.
As of late 2026, WorkOS's primary focus for SDK development remains on server-side languages, reflecting the nature of enterprise authentication and directory synchronization, which typically involves server-to-server communication and sensitive credential handling. Any community contributions would generally build upon these server-side integrations or provide client-side wrappers that securely interact with a backend service utilizing an official WorkOS SDK.
Developers can often find community contributions by searching package repositories (e.g., npm, PyPI, RubyGems) or GitHub for workos related projects. However, for critical production systems, relying on official SDKs and direct support channels from WorkOS is generally recommended for stability and security. The WorkOS API Reference provides comprehensive details for direct API interaction, which can be useful for developers building custom integrations or contributing to community libraries.