ClientID missing from Session object when trying to call getLogoutUrl

[anthonymclaughlin]

Client ID missing from Session object when trying to call getLogoutUrl

Overview

I put together a barebones Cloudflare Workers script to begin developing with WorkOS AuthKit. This error occurs when I try to call getLogoutUrl on the object returned from the call to workos.userManagement.loadSealedSession in my log-out function (see code below).

The error message is Error: Missing client ID. Did you provide it when initializing WorkOS?

Console logging the session value shows that the clientId property is undefined (see output below).

The code is essentially cut-and-paste from the documentation with some changes to use Hono.

The sign-up, log-in and callback functions copied from the documentation seem to work correctly.

I can't figure out what is wrong or how to fix it.

Tech Stack (Local Cloudflare Workers Environment)

• Node: v22.13.1
• Wrangler v4.9.1
• Hono: v4.7.6
• @workos-inc/node: v7.46.0

Wrangler Config

wrangler.jsonc:

{
  "$schema": "node_modules/wrangler/config-schema.json",
  "name": "backend",
  "main": "src/index.ts",
  "compatibility_date": "2025-04-09",
  "compatibility_flags": [
    "nodejs_compat"
  ]
}

Code

index.ts

import { Hono } from 'hono';
import { setCookie, getCookie, deleteCookie } from 'hono/cookie';
import { WorkOS } from '@workos-inc/node';

const WORKOS_API_KEY = 'sk_test_...';
const WORKOS_CLIENT_ID = 'client_...';
const WORKOS_COOKIE_PASSWORD = 'HSK...';

const app = new Hono();
const workos = new WorkOS(WORKOS_API_KEY);

app.get('/api/auth/sign-up', (c) => {

  const authorizationUrl = workos.userManagement.getAuthorizationUrl({
    screenHint: 'sign-up',
    clientId: WORKOS_CLIENT_ID,
    redirectUri: 'http://localhost:8081/api/auth/callback',
    provider: 'authkit',
  });

  return c.redirect(authorizationUrl);
});

app.get('/api/auth/log-in', (c) => {
  const authorizationUrl = workos.userManagement.getAuthorizationUrl({
    screenHint: 'sign-in',
    clientId: WORKOS_CLIENT_ID,
    redirectUri: 'http://localhost:8081/api/auth/callback',
    provider: 'authkit',
  });

  return c.redirect(authorizationUrl);
});

app.get('/api/auth/callback', async (c) => {

  // The authorization code returned by AuthKit
  const authCode = c.req.query('code');

  if (!authCode) {
    return c.text('No code provided', 400);
  }

  const authenticateResponse = await workos.userManagement.authenticateWithCode({
    clientId: WORKOS_CLIENT_ID,
    code: authCode,
    session: {
      sealSession: true,
      cookiePassword: WORKOS_COOKIE_PASSWORD,
    },
  });

  const { user, sealedSession } = authenticateResponse;

  setCookie(c, 'wos-session', sealedSession!, {
    path: '/',
    httpOnly: true,
    sameSite: 'lax',
  });

  return c.json(user);
});

app.get('api/auth/log-out', async (c) => {

  const session = workos.userManagement.loadSealedSession({
    sessionData: getCookie(c, 'wos-session')!,
    cookiePassword: WORKOS_COOKIE_PASSWORD,
  });

  console.log(session);

  const url = await session.getLogoutUrl({
    returnTo: 'http://localhost:8081',
  });

  deleteCookie(c, 'wos-session');
  c.redirect(url);
});

export default app;

Console Log output for session object:

Session {
  userManagement: <ref *1> UserManagement {
    workos: WorkOSWorker {
      key: 'sk_test_...',
      options: [Object],
      auditLogs: [AuditLogs],
      directorySync: [DirectorySync],
      organizations: [Organizations],
      organizationDomains: [OrganizationDomains],
      passwordless: [Passwordless],
      portal: [Portal],
      sso: [SSO],
      mfa: [Mfa],
      events: [Events],
      fga: [FGA],
      widgets: [Widgets],
      vault: [Vault],
      clientId: undefined,
      baseURL: 'https://api.workos.com',
      webhooks: [Webhooks],
      actions: [Actions],
      userManagement: [Circular *1],
      client: [FetchHttpClient]
    },
    clientId: undefined,
    ironSessionProvider: EdgeIronSessionProvider {}
  },
  ironSessionProvider: EdgeIronSessionProvider {},
  cookiePassword: 'HSK...',
  sessionData: 'Fe26.2*1*005b86ccbb79130e8bd...',
  jwks: undefined
}

Stack Trace

✘ [ERROR] Error: Missing client ID. Did you provide it when initializing WorkOS?

at Session.<anonymous> (backend/node_modules/@workos-inc/node/lib/user-management/session.js:169:23)
at Generator.next (<anonymous>)
at null.<anonymous> (backend/node_modules/@workos-inc/node/lib/user-management/session.js:8:71)
at new Promise (<anonymous>)
at __awaiter (backend/node_modules/@workos-inc/node/lib/user-management/session.js:4:12)
at Session.isValidJwt (backend/node_modules/@workos-inc/node/lib/user-management/session.js:167:16)
at Session.<anonymous> (backend/node_modules/@workos-inc/node/lib/user-management/session.js:58:30)
at Generator.next (<anonymous>)
at fulfilled (backend/node_modules/@workos-inc/node/lib/user-management/session.js:5:58)

[nicknisi]

Hey @anthonymclaughlin, the most common reason for this error is that the WorkOS client isn't being initialized with the client ID when you're creating the WorkOS instance. Looking at your code example, it seems like this might be the culprit.

// Incorrect
const workos = new WorkOS(WORKOS_API_KEY);

// Correct
const workos = new WorkOS(WORKOS_API_KEY, {
  clientID: WORKOS_CLIENT_ID
});

Could you try supplying the clientId to the WorkOS initialization and see if that resolves your issue? Thanks!

[anthonymclaughlin]

Thank you this fixed the error!

I saw that the clientID property was in a couple of the API code snippets, so I went to check the WorkOS class to figure out how I missed this, but I couldn't find any mention of the WorkOS Class or WorkOSOptions Interface in the docs.