@mastra/auth-workos
Advanced tools
A WorkOS authentication provider for Mastra, enabling seamless integration of WorkOS authentication and authorization in your applications.
npm install @mastra/auth-workos
# or
yarn add @mastra/auth-workos
# or
pnpm add @mastra/auth-workos
import { Mastra } from '@mastra/core';
import { MastraAuthWorkos } from '@mastra/auth-workos';
// Initialize with environment variables
const auth = new MastraAuthWorkos();
// Or initialize with explicit configuration
const auth = new MastraAuthWorkos({
apiKey: 'your_workos_api_key',
clientId: 'your_workos_client_id',
});
// Enable auth in Mastra
const mastra = new Mastra({
...
server: {
experimental_auth: auth,
},
});
The package requires the following configuration:
WORKOS_API_KEY: Your WorkOS API keyWORKOS_CLIENT_ID: Your WorkOS client IDYou can also provide these values directly when initializing the provider:
interface MastraAuthWorkosOptions {
apiKey?: string;
clientId?: string;
}
authenticateToken(token: string): Promise<WorkosUser | null>Verifies a JWT token using WorkOS JWKS and returns the user information if valid.
authorizeUser(user: WorkosUser): Promise<boolean>Checks if a user has admin privileges by verifying their organization memberships and roles.
FAQs
Mastra WorkOS Auth integration
We found that @mastra/auth-workos demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub has revoked npm classic tokens for publishing; maintainers must migrate, but OpenJS warns OIDC trusted publishing still has risky gaps for critical projects.
Security News
Rustâs crates.io team is advancing an RFC to add a Security tab that surfaces RustSec vulnerability and unsoundness advisories directly on crate pages.
Security News
/Research
Socket found a Rust typosquat (finch-rust) that loads sha-rust to steal credentials, using impersonation and an unpinned dependency to auto-deliver updates.