Interest in, and adoption of, MCP is exploding.

Think: one spec → any tool, any workflow, securely. Big shift for AI infra.

Recap from MCPNight here: #MCP #AIInfra

https://workos.com/blog/mcpnight-2025-in-san-francisco

Learning your stack deeply isn’t just about raw velocity—it’s about agility.

When requirements shift, you can change direction gracefully, leveraging your expertise rather than scrambling for docs.

Deep expertise isn’t about being a "rockstar"—it’s about sustained rapid iteration.

The tighter the feedback loop, the faster you evolve.

Fine-grained authorization (FGA) brings targeted control and flexibility.

With solutions like WorkOS FGA, you can simplify complex permission management. 🏗️

https://workos.com/blog/scaling-up-with-fga

RBAC worked for a while, but it can become a bottleneck when you move #upmarket.

A detailed, fine-grained approach is key.

Overloaded roles and constant maintenance are common hurdles when your product grows.

Enterprises need more than just ‘admin’ and ‘viewer’ settings.

This combination of open-source + tutorials has been incredibly rewarding.

There’s nothing better than hearing, “Oh, never mind, I just found your tutorial.”

What’s working well for you in Developer Education? Let’s compare notes!

What makes this approach effective:

• Hands-on learning: Developers can clone, run, and modify the repos.

• Immediate value: Tutorials bridge the gap between code and implementation.

• Real-world examples: These aren’t toy projects—they solve actual problems.

Document Access Control with AWS CDK + Lambda Authorizers

☁️ Repo: Full serverless stack (API Gateway + S3 + Lambda).

🚀 Tutorial: https://workos.com/blog/how-to-build-document-access-control-with-s3-workos-fga-and-lambda-authorizers

Here are some recent examples:

✅ Browser-Based OAuth for CLI Tools

🖥️ Repo: Secure token fetching & storage for CLI apps.

📚 Tutorial: https://workos.com/blog/how-to-build-browser-based-oauth-into-your-cli-with-workos

The formula:

1. Build an example architecture for a real-world use case.

2. Open-source the code as a companion repository.

3. Write a tutorial that explains how to implement it step by step.

This combo makes concepts actionable.

One thing that’s working well for Developer Education at WorkOS: pairing open-source companion repositories with detailed tutorials.

It’s helping devs learn faster, solve complex problems, and build better systems. Here’s how we do it: 🧵

✅ Securing RAG Applications with Fine-Grained Authorization

📂 Repo: Pinecone vector DB + WorkOS FGA for document access control.

🔐 Tutorial: https://workos.com/blog/how-to-secure-rag-applications-with-fine-grained-authorization-tutorial-with-code

Pro Tip

WorkOS has a Ruby SDK that covers SSO, enterprise logins, RBAC, and more—easy to add to any Rails app.

https://workos.com/docs/sdks/ruby

Bonus Gems

• JWT: For token-based auth flows (APIs, SPAs).
• Secure Headers & Rack::Attack: Hardens your app against XSS/brute-force attacks.
• Brakeman: Static security scanner for Rails.
• Figaro: Safer environment variable management.
• Bullet: Helps spot N+1 queries.

Top Ruby Auth Gems:

• Devise: Full-featured - from resets to 2FA.
• OmniAuth: Integrations galore. Good for social login.
• Clearance / Authlogic: Lightweight
• Rodauth: Rack-first with advanced modules (2FA, lockouts).
• Sorcery: Minimalistic but unmaintained.

Common Combos

Devise + Pundit or CanCanCan is a classic.

Tweak for your app’s complexity & security needs.

https://workos.com/blog/top-ruby-gems-for-authentication-authorization

Authorization Gems:

• Pundit: Straightforward policy classes, keeps logic out of models/controllers.
• CanCanCan: Ability-based DSL, perfect for role-based or attribute-based permissions.
• Rolify: Focused on role management, pairs nicely with authentication gems.

Getting deep with a single stack means fewer overlooked edge cases.

You see pitfalls coming from a mile away.

Production issues decrease, and deployment confidence soars.