Authentication
Descope provides a comprehensive suite of authentication methods and flows to secure your application, including:
- One Time Password (OTP)
- Magic link
- Enchanted link
- Social Login (OAuth)
- Single Sign-On (SSO)
- Passkeys
- Authenticator Apps (TOTP)
- Passwords
- Security Questions
- nOTP (WhatsApp)
- Embedded link
Choosing the Right Authentication Method
Selecting the appropriate authentication method depends on your application's security requirements and user experience goals. With Descope, you are not locked into a single authentication method. You can enable multiple methods at the same time and adjust your approach as your needs evolve.
Here are some considerations to help you make the right choice:
When to Choose Passwordless Authentication
- Enhanced Security: Eliminates password-related vulnerabilities and reduces the risk of credential-based attacks.
- Improved User Experience: Streamlines the login process by removing the need to remember and manage passwords.
- Modern Approach: Aligns with current security best practices and user expectations.
When to Choose Password-based Authentication
- Familiar Experience: Suitable for applications where users expect conventional authentication methods.
- No Email/Phone Requirement: Supports username and password login without requiring email or phone, using a unique identifier to associate credentials.
Understanding Auth Actions
When using Descope for authentication, there are a few key actions to understand:
- Sign Up: Creates a new user and fails if the user already exists. This action is typically used to onboard new users.
- Sign In: Logs in an existing user and fails if the user doesn't already exist in your system, making it suitable for authentication flows where the user is known.
- Sign Up or In: Combines the previous two, automatically logging in the user if they already exist or signing them up if they don't. Use it to simplify your flow logic and handle both processes with one action.
- Update User: Adds to an existing user's authentication methods, for example by adding a passkey or linking another login option to the same account. It doesn't create a new user; it modifies the existing one to support more login methods.
Using Authentication Methods in Flows
Note
These methods are fully compatible with both our client and backend SDKs, as well as our APIs. For more information on these, visit our Getting Started guide.
Here's a quick demonstration of adding an authentication method to a Flow: