AgentSkillsCN

descope-auth

将Descope身份验证集成到各类应用中。在实现登录、注册、无密码身份验证(OTP、魔法链接、Passkeys)、OAuth、SSO,或MFA时使用此功能。该功能可自动识别所用框架,并提供针对性的指导。

SKILL.md
--- frontmatter
name: descope-auth
description: Integrate Descope authentication into applications. Use when implementing login, signup, passwordless auth (OTP, Magic Link, Passkeys), OAuth, SSO, or MFA. Detects framework and provides targeted guidance.

Descope Authentication

Integrate secure, passwordless authentication using Descope Flows and SDKs.

Framework Detection

Detect the user's framework and use the appropriate reference:

If project has...Use reference
next in package.jsonreferences/nextjs.md
react (no Next.js)references/react.md
Python/Node.js backend onlyreferences/backend.md

Quick Start (all frameworks)

  1. Get Project ID from https://app.descope.com/settings/project
  2. Set environment variable: NEXT_PUBLIC_DESCOPE_PROJECT_ID=<your-id>
  3. Follow framework-specific reference

Valid Flow IDs (CRITICAL - do not invent others)

Flow IDPurpose
sign-up-or-inCombined signup/login (RECOMMENDED)
sign-upRegistration only
sign-inLogin only
step-upMFA step-up authentication
update-userProfile updates, add auth methods

Authentication Methods

MethodWhen to use
OTP (Email/SMS)Quick verification codes
Magic LinkPasswordless email links
PasskeysBiometric/WebAuthn (most secure)
OAuthSocial login (Google, GitHub, etc.)
SSOEnterprise SAML/OIDC
PasswordsTraditional auth (not recommended)

DO NOT (Security Guardrails)

  • DO NOT parse JWTs manually - always use SDK's validateSession()
  • DO NOT store tokens in localStorage - SDK handles this securely
  • DO NOT invent flow IDs - only use IDs from the table above
  • DO NOT skip server-side validation - always validate on backend
  • DO NOT expose DESCOPE_MANAGEMENT_KEY in client code

References

  • references/nextjs.md - Next.js App Router integration
  • references/react.md - React SPA integration
  • references/backend.md - Backend session validation