Backend SDK Authentication Guides
The authentication guides are meant for developers that are NOT using Descope to design login screens and authentication flows. If you’d like to use Descope Flows, Quick Start should be your starting point.
In this approach, your application server directly communicates with the Descope service for all the authentication steps. Your application logic must handle all the interactions between the client and the application server, including the session token management.
Each guide will direct you through the steps you need to follow irrespective of your chosen language and framework. The guides also contain sample code for all the languages and frameworks supported by Descope.
| Authentication Method | Description | Guide |
|---|---|---|
| One Time Password (OTP) | A single-use code that grants a user access to your application. Descope supports OTP sent via SMS and email today. | Guide |
| Magic Link | A single-use link sent to a user’s email address or phone via sms that grants them access to your application. | Guide |
| Enchanted Link | An enhanced version of magic link that enables a user to login by clicking a link on a different device. | Guide |
| Social Login (OAuth) | Enable users to access your application by using identities they have created on other applications (Google, Twitter, LinkedIn, etc.). | Guide |
| Authenticator Apps | Enable users to access your application by using time-based numeric codes generated by apps like Google Authenticator and Authy. | Guide |
| Biometric (WebAuthn) | Enable users to access your application by using biometrics built into their devices (fingerprint scanning, facial recognition, security keys). | Guide |
| Single Sign On (SSO/SAML) | Enable users to access your B2B application using single sign-on with identity providers like Google, Microsoft, and Okta. | Guide |
| Passwords | Enable users to access your application using passwords. | Guide |