
Step-up authentication: Re-verify users before high-risk operations

Blog post from WorkOS

Post Details

Company: WorkOS
Date Published:
Author: Kesin Ryan Dehejia
Word Count: 739
Company Posts That Month: 3
Language: English
Hacker News Points: -
Summary

AuthKit has introduced step-up authentication to address a common weakness in session handling: every action within a session carries the same trust level, regardless of how sensitive it is. Step-up authentication lets specific operations require fresh verification without terminating the existing session, so that actions such as opening an admin panel or changing billing details are performed only after the user's identity has been freshly confirmed. This matters especially for applications subject to compliance regimes such as SOC 2, HIPAA, or PCI-DSS, where re-verifying a user before granting access to sensitive data is expected. The release adds an auth_time claim on tokens that records the time of the last active authentication, a max_age parameter that forces re-authentication when the authentication is older than a specified threshold, and a hosted re-authentication flow. On a successful step-up the system emits an authentication.reauthenticated event, and the WorkOS Node core SDK supports integration with helpers for building authorization URLs that carry max_age and for checking whether a token's authentication is still fresh.
