workos · nholden · Dec 23, 2025 · Dec 16, 2025 · Dec 23, 2025 · Dec 23, 2025
diff --git a/src/index.ts b/src/index.ts
@@ -2,6 +2,7 @@ export { createClient } from "./create-client";
 export { getClaims } from "./utils/session-data";
 export {
   User,
+  AuthenticationMethod,
   AuthenticationResponse,
   OnRefreshResponse,
   JWTPayload,

diff --git a/src/interfaces/authentication-response.interface.ts b/src/interfaces/authentication-response.interface.ts
@@ -1,10 +1,34 @@
 import { User, UserRaw } from "./user.interface";
 import { Impersonator, ImpersonatorRaw } from "./impersonator.interface";
 
+export type AuthenticationMethod =
+  | "SSO"
+  | "Password"
+  | "Passkey"
+  | "AppleOAuth"
+  | "BitbucketOAuth"
+  | "CrossAppAuth"
+  | "DiscordOAuth"
+  | "ExternalAuth"
+  | "GitHubOAuth"
+  | "GitLabOAuth"
+  | "GoogleOAuth"
+  | "LinkedInOAuth"
+  | "MicrosoftOAuth"
+  | "SalesforceOAuth"
+  | "SlackOAuth"
+  | "VercelMarketplaceOAuth"
+  | "VercelOAuth"
+  | "XeroOAuth"
+  | "MagicAuth"
+  | "Impersonation"
+  | "MigratedSession";
+
 export interface AuthenticationResponse {
   user: User;
   accessToken: string;
   refreshToken: string;
+  authenticationMethod: AuthenticationMethod;
   organizationId?: string;
   impersonator?: Impersonator;
 }
@@ -15,6 +39,7 @@ export interface AuthenticationResponseRaw {
   user: UserRaw;
   access_token: string;
   refresh_token: string;
+  authentication_method: AuthenticationMethod;
   organization_id?: string;
   impersonator?: ImpersonatorRaw;
 }
diff --git a/src/interfaces/index.ts b/src/interfaces/index.ts
@@ -1,4 +1,5 @@
 export type {
+  AuthenticationMethod,
   AuthenticationResponse,
   AuthenticationResponseRaw,
   OnRefreshResponse,

diff --git a/src/serializers/authentication-response.serializer.ts b/src/serializers/authentication-response.serializer.ts
@@ -12,6 +12,7 @@ export const deserializeAuthenticationResponse = (
     organization_id,
     access_token,
     refresh_token,
+    authentication_method,
     impersonator,
     ...rest
   } = authenticationResponse;
@@ -21,6 +22,7 @@ export const deserializeAuthenticationResponse = (
     organizationId: organization_id,
     accessToken: access_token,
     refreshToken: refresh_token,
+    authenticationMethod: authentication_method,
     impersonator,
     ...rest,
   };

diff --git a/src/utils/session-data.test.ts b/src/utils/session-data.test.ts
@@ -27,6 +27,7 @@ describe("setSessionData", () => {
     setSessionData({
       accessToken: validToken,
       refreshToken: "refresh_token",
+      authenticationMethod: "Password",
       user: mockUser,
     });
     expect(memoryStorage.getItem(storageKeys.accessToken)).toBe(validToken);

diff --git a/src/utils/session-data.ts b/src/utils/session-data.ts
@@ -16,9 +16,10 @@ export function setSessionData(
   data: AuthenticationResponse,
   { devMode = false } = {},
 ) {
-  const { user, accessToken, refreshToken } = data;
+  const { user, accessToken, refreshToken, authenticationMethod } = data;
   memoryStorage.setItem(storageKeys.user, user);
   memoryStorage.setItem(storageKeys.accessToken, accessToken);
+  memoryStorage.setItem(storageKeys.authenticationMethod, authenticationMethod);
   (devMode ? window.localStorage : memoryStorage).setItem(
     storageKeys.refreshToken,
     refreshToken,
@@ -34,6 +35,7 @@ export function setSessionData(
 export function removeSessionData({ devMode = false } = {}) {
   memoryStorage.removeItem(storageKeys.user);
   memoryStorage.removeItem(storageKeys.accessToken);
+  memoryStorage.removeItem(storageKeys.authenticationMethod);
   (devMode ? window.localStorage : memoryStorage).removeItem(
     storageKeys.refreshToken,
   );

diff --git a/src/utils/storage-keys.ts b/src/utils/storage-keys.ts
@@ -4,4 +4,5 @@ export const storageKeys = {
   accessToken: "workos:access-token",
   refreshToken: "workos:refresh-token",
   expiresAt: "workos:expires-at",
+  authenticationMethod: "workos:authentication-method",
 } as const;