WhatsApp auth, user profile widgets, and other updates

Auth Thoughts is a monthly newsletter produced by Team Descope, the collective consciousness of everyone at Descope . Read on for product updates, tutorials, and a monthly roundup from the world of identity and authentication.

Descope changelog

To paraphrase a quote from Dory the forgetful fish: “Just keep shipping”. Here are some of the latest product updates from Descope:

?? nOTP WhatsApp authentication

nOTP (no-tee-pee) is a new authentication method that logs users in via WhatsApp to provide a frictionless experience while greatly reducing SMS messaging costs. Learn more in our announcement blog and experience it for yourself .

?? Styles 2.0

Descope Styles has had a full makeover and now provides more options than ever to align user-facing screens with your brand. Watch this video to see new capabilities like auto-adjustable color palettes, granular control over button borders and states, and screen previews in action.

?? User profile and access key widgets

Hot on the heels of announcing self-service widgets last month, new widgets for user profiles and access key management are now available. The user profile widget enables end users to modify their name, email, phone, and even passkeys. The access key widget lets users generate their own access keys to use in certain parts of your app.

Other updates

??Smart user search: You can now search your user tables using smart filters and specific attributes (e.g. email ends with @descope.com , belongs to any of X, Y, or Z tenants) to quickly retrieve records of interest.

?? Password policy previews: You can now expose password policy previews to your end users with a simple toggle. Once enabled, end users will see your app’s password policy as they create their password along with which conditions have been met / not met.

?? Embedded links: If you have password authentication and want your users to verify their email at a later time without breaking the flow of their registration process, embedded links can help. This capability allows you to send verification emails to users with links that don’t need to be clicked immediately. Learn more in this knowledge base article .?

Keep an eye on our changelog for ongoing product announcements. Have questions? Join our community and visit the #ask-a-descoper channel.

Tutorial central?

Looking for help on how to integrate Descope for a particular framework or perform certain tasks? Our DevRel team has you covered.

?? DocsGPT: This tutorial covers how to build an AI chatbot with OpenAI Agents, Next.js, and Descope authentication.

??Developer’s Guide to SSO: This guide covers how to add SAML SSO with Okta to a Next.js application – both from scratch and with Descope.

?? How to implement passkey auth: This guide covers the basics of passkeys and how to add them to your app from scratch.

Customer spotlight: Xyte

The more stakeholders your app serves, the more security and UX nuances you need to keep in mind. Consider Xyte , which serves manufacturers, integrators, administrators, and end users as distinct personas. With each user segment seeking a different way to authenticate and having varying security requirements, authentication work for developers quickly adds up.?

Here’s what Boris Dinkevich, Co-Founder and CTO of Xyte, had to say about their experience with Descope:

“With Descope, we can actually improve the security we have in our organization. Beyond two factor authentication – which Descope made very easy – we can also offer more advanced methods of authentication, smart links, and full SSO for our customers. I also think we could never fully trust the code we had before Descope, because authentication flows are very prone to small problems. Switching over to Descope gave us more confidence that someone else is doing it full time.”?

Hear the rest of Xyte’s story.

Concept corner?

We’re always happy to talk auth when given the chance. Here are some refreshers and best practices to keep in mind.

?? CIAM 101: Customer Identity and Access Management (CIAM) platforms are responsible for handling authentication, access control, and identity management for an organization’s customers and external identities. Learn more about evaluating CIAM solutions .

??? Session fixation attacks: Session fixation happens when an attacker infiltrates a user’s web browser and tricks them into using a session ID that the attacker has access to. Learn how these attacks work and prevention tips.

Helpful resources

Thanks for reading Auth Thoughts! If you’d like any other updates from the world of identity and authentication included in this newsletter, please let us know in the comments below.

Here are some other links to have handy:

??? Sign up for a Descope Free Forever account.

?? Auth Thoughts , if you want to share this newsletter with others.

?? Developer blogs , for tutorials with specific frameworks or auth methods.

?? Documentation , for setup instructions, SDK code snippets, and more.

See you in June!