
Research
Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm Malware
Malicious Namastex.ai npm packages appear to replicate TeamPCP-style Canister Worm tradecraft, including exfiltration and self-propagation.
@workos-inc/node
The WorkOS library for Node.js provides convenient access to the WorkOS API from applications written in server-side JavaScript.
See the API Reference for Node.js usage examples.
Requires Node 22.11 or higher.
Install the package with:
```sh
npm install @workos-inc/node
```
To use the library you must provide an API key, located in the WorkOS dashboard, as an environment variable WORKOS_API_KEY:
```sh
WORKOS_API_KEY="sk_1234"
```
Or, you can set it on your own before your application starts:
```js
import { WorkOS } from '@workos-inc/node';

const workos = new WorkOS('sk_1234');
```
For apps that can't securely store secrets, initialize with just a client ID:
```js
import { WorkOS } from '@workos-inc/node';

const workos = new WorkOS({ clientId: 'client_...' }); // No API key needed

// Generate auth URL with automatic PKCE
const { url, codeVerifier } =
  await workos.userManagement.getAuthorizationUrlWithPKCE({
    provider: 'authkit',
    redirectUri: 'myapp://callback',
    clientId: 'client_...',
  });

// After user authenticates, exchange code for tokens.
// `authorizationCode` is the `code` query parameter delivered to redirectUri.
const { accessToken, refreshToken } =
  await workos.userManagement.authenticateWithCode({
    code: authorizationCode,
    codeVerifier,
    clientId: 'client_...',
  });
```
> [!IMPORTANT]
> Store `codeVerifier` securely on-device between generating the auth URL and handling the callback. For mobile apps, use platform secure storage (iOS Keychain, Android Keystore). For CLI apps, consider OS credential storage. The verifier must survive app restarts during the auth flow.
See the AuthKit documentation for details on PKCE authentication.
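Why the `codeVerifier` has to be kept secret and kept around: the sketch below is an added example (not WorkOS SDK code and not part of this README) of the RFC 7636 S256 check that PKCE relies on, showing that an authorization code is useless at the token endpoint without the matching verifier. The function names are hypothetical, and the server-side check is a generic illustration rather than a description of WorkOS's implementation.

```javascript
// Added example: stand-alone RFC 7636 (PKCE, S256) sketch. Function names are
// hypothetical; this is not the SDK's or the authorization server's own code.
const { createHash, randomBytes, timingSafeEqual } = require('node:crypto');

// Client: high-entropy verifier. 32 random bytes -> 43 base64url characters,
// the minimum length RFC 7636 allows (43-128 unreserved characters).
function createCodeVerifier(byteLength = 32) {
  return randomBytes(byteLength).toString('base64url');
}

// Client: challenge placed in the authorization URL.
// code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function deriveCodeChallenge(codeVerifier) {
  return createHash('sha256').update(codeVerifier, 'ascii').digest('base64url');
}

// Authorization server: at token exchange, compare the presented verifier
// against the challenge that was stored alongside the authorization code.
function verifyCodeVerifier(codeVerifier, storedChallenge) {
  if (typeof codeVerifier !== 'string' ||
      !/^[A-Za-z0-9\-._~]{43,128}$/.test(codeVerifier)) {
    return false; // missing or malformed verifier: reject the exchange
  }
  const expected = Buffer.from(deriveCodeChallenge(codeVerifier), 'ascii');
  const stored = Buffer.from(String(storedChallenge), 'ascii');
  // Constant-time comparison; lengths must match before timingSafeEqual.
  return expected.length === stored.length && timingSafeEqual(expected, stored);
}

// Constructed scenario: only the party holding the original verifier passes.
function demo() {
  const codeVerifier = createCodeVerifier();
  const challenge = deriveCodeChallenge(codeVerifier);
  return {
    legitimate: verifyCodeVerifier(codeVerifier, challenge),
    wrongVerifier: verifyCodeVerifier(createCodeVerifier(), challenge),
    missingVerifier: verifyCodeVerifier(undefined, challenge),
  };
}

console.log(demo());
```

Only the challenge travels through the browser or app redirect; the verifier never leaves the client until the token exchange, which is why losing it mid-flow breaks login and leaking it removes the protection.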
Server-side apps can also use PKCE alongside the client secret for defense in depth (recommended by OAuth 2.1):
```js
const workos = new WorkOS('sk_...'); // With API key

// Use PKCE even with API key for additional security
const { url, codeVerifier } =
  await workos.userManagement.getAuthorizationUrlWithPKCE({
    provider: 'authkit',
    redirectUri: 'https://example.com/callback',
    clientId: 'client_...',
  });

// Both client_secret AND code_verifier will be sent
const { accessToken } = await workos.userManagement.authenticateWithCode({
  code: authorizationCode,
  codeVerifier,
  clientId: 'client_...',
});
```
For our SDKs, WorkOS follows Semantic Versioning (SemVer): every release has a version of the form X.Y.Z (like 1.0.0), where Z is a bug fix (e.g., 1.0.1), Y is a minor release (1.1.0) and X is a major release (2.0.0). Breaking changes are released only in major versions, and we strongly recommend reading changelogs before making any major version upgrades.
WorkOS has features in Beta that can be accessed via Beta releases. We would love for you to try these and share feedback with us before these features reach general availability (GA). To install a Beta version, please follow the installation steps above using the Beta release version.
Note: there can be breaking changes between Beta versions. Therefore, we recommend pinning the package version to a specific version. This way you can install the same version each time without breaking changes unless you are intentionally looking for the latest Beta version.
We highly recommend keeping an eye on when the Beta feature you are interested in goes from Beta to stable so that you can move to using the stable version.
Passport is a popular authentication middleware for Node.js that supports various authentication strategies, including OAuth and SAML. Unlike @workos-inc/node, Passport focuses solely on authentication and does not provide additional enterprise features like Directory Sync or Audit Logs.
Auth0 is a comprehensive identity management platform that offers features like SSO, user management, and multifactor authentication. It is similar to @workos-inc/node in terms of providing enterprise-ready authentication solutions, but it also includes additional features like user management and multifactor authentication.
Okta is an identity and access management service that provides SSO, multifactor authentication, and user management. It is similar to @workos-inc/node in offering enterprise authentication solutions but also includes extensive user management and security features.
FAQs
A Node wrapper for the WorkOS API
The npm package @workos-inc/node receives a total of 994,602 weekly downloads. As such, @workos-inc/node popularity was classified as popular.
We found that @workos-inc/node demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 10 open source maintainers collaborating on the project.