descope-auth
SKILL.md
Descope Authentication
Integrate secure, passwordless authentication using Descope Flows and SDKs.
Framework Detection
Detect the user's framework and use the appropriate reference:
| If project has... | Use reference |
|---|---|
next in package.json |
references/nextjs.md |
react (no Next.js) |
references/react.md |
| Python/Node.js backend only | references/backend.md |
Quick Start (all frameworks)
- Get Project ID from https://app.descope.com/settings/project
- Set environment variable:
NEXT_PUBLIC_DESCOPE_PROJECT_ID=<your-id> - Follow framework-specific reference
Valid Flow IDs (CRITICAL - do not invent others)
| Flow ID | Purpose |
|---|---|
sign-up-or-in |
Combined signup/login (RECOMMENDED) |
sign-up |
Registration only |
sign-in |
Login only |
step-up |
MFA step-up authentication |
update-user |
Profile updates, add auth methods |
Authentication Methods
| Method | When to use |
|---|---|
| OTP (Email/SMS) | Quick verification codes |
| Magic Link | Passwordless email links |
| Passkeys | Biometric/WebAuthn (most secure) |
| OAuth | Social login (Google, GitHub, etc.) |
| SSO | Enterprise SAML/OIDC |
| Passwords | Traditional auth (not recommended) |
DO NOT (Security Guardrails)
- DO NOT parse JWTs manually - always use SDK's
validateSession() - DO NOT store tokens in localStorage - SDK handles this securely
- DO NOT invent flow IDs - only use IDs from the table above
- DO NOT skip server-side validation - always validate on backend
- DO NOT expose DESCOPE_MANAGEMENT_KEY in client code
References
references/nextjs.md- Next.js App Router integrationreferences/react.md- React SPA integrationreferences/backend.md- Backend session validation
Weekly Installs
16
Repository
descope/skillsGitHub Stars
5
First Seen
Feb 13, 2026
Security Audits
Installed on
opencode16
gemini-cli16
github-copilot16
amp16
codex16
kimi-cli16