Flow: /api/auth/login → hosted AuthKit (magic code) → /api/auth/callback exchanges the code server-side → HttpOnly session cookie → /api/whoami verifies the access token via WorkOS JWKS.
/api/auth/login
/api/auth/callback
/api/whoami
Sign in (WorkOS Magic Auth) Sign out
loading…