Here is a list of websites/apps/services which support passkeys for auth. https://passkeys.directory/ It's a short manually maintained list by 1password, I wonder if anyone is maintaining something programatically

could do a scan of the alexa top 1000 or shodan, though would you search for? I guess for webauthn Javascript accessing

window.PublicKeyCredential

But for magic links or other non-standardised passwordless auth...?

It would be cool to do a "state of passwordless" review which included an adoption stat

I might have a go at scanning Alexa top 100 for webauthn usage indicators. I have some experience in web scraping, even with widespread anti-bot tech. I wrote this python module to do it "legitimately" last year https://github.com/SergeBakharev/privacypass

Hi everyone! Here's a blog on how you can add add Descope Authentication to your React + Flask app. Build a multi-page teacher/student app with protected routes, a dashboard, and a not-so secret message 😉 If you have ideas for other tutorials we should create, let us know! https://www.descope.com/blog/post/auth-react-flask-app

Hi everyone! Here's a blog on how you can add the user's email as a custom attribute to the JWT response using Descope Flows: With Descope Flows, you can add any custom attributes in a drag-and-drop manner to give your users a more personalized experience. If you have ideas for other tutorials we should create, let us know! https://www.descope.com/blog/post/add-user-information-jwt-response

Back again with another tutorial! This time... ⌛ The waitlist app you've been waiting for. Not ready to open up your app to the world, but still want to onboard users and early adopters with proper authentication? No problem. 🔑 The waitlist app will come with... ✨ 1. Email verification & authentication. 2. Different screens and journeys for approved and waitlisted users. 3. A custom Profile page upon approval. 4. Airtable & email automation for user tracking. Some cool things you will learn: ✅ Descope Flows ✅ HTTP Connectors Check it out 🔗: https://lnkd.in/gCM4Yv_a

Want to securely merge user identities across authentication methods? In this tutorial, @faint-musician-4508 covers how to: ✅ Add social logins, OTP, and passkeys to your login ✅ Merge user identities across auth methods ✅ Promote biometrics for future logins The best part? All of it is drag-and-drop!

food for thought: https://www.sjoerdlangkemper.nl/2023/08/16/session-timeout/

Hello hackers!! I made a hackathon template and it has the following features: ✅ Descope authentication with Auth.js ✅ The latest #nextjs app router, server, and client components ✅ Fully customizable pages ✅ A dashboard for hackers to onboard, check acceptance statuses, and read announcements If you have a hackathon idea, maybe now's the time to start building 😉 Blog: https://www.descope.com/blog/post/auth-nextjs13-app-nextauth Repo: https://github.com/descope/nextjs-hackathon-template/ ⭐

If you haven't checked out the Descope Explorer and the power of quickly testing flows, check out this blog on how it can help you explore the power of flows. https://www.descope.com/blog/post/descope-explorer

📢 Calling all React devs! This step-by-step tutorial shows you how to add Descope authentication and RBAC to a React + Node app. You can find the instructions along with code snippets and a sample app here: https://www.descope.com/blog/post/react-authentication-tutorial Let us know what other tutorials would be helpful for you and we will make them happen!

nightking Building passkeys keeping you up at night? This comprehensive tutorial intros passkeys for developers, goes through how to add passkeys to an app from scratch, and covers how Descope greatly simplifies the entire process. Steps, code, and sample apps this way: https://www.descope.com/blog/post/developer-guide-passkeys We would love to hear any feedback!

🧐 There's lots going on under the OAuth hood Here's a comprehensive guide covering: • Basics of OAuth for developers • Adding OAuth to a React app from scratch • How Descope simplifies the process Tutorial, code snippets, and sample apps this way: https://www.descope.com/blog/post/oauth2-react-authentication-authorization Any feedback or questions welcome!

This is an interesting project from Google. https://github.com/WICG/dbsc/blob/main/README.md This is what passkeys are to passwords but for jwt. So session tokens (cred binding).

They make the session tokens bound to the device used for auth, and stored in the TPM

In a similar vane, I recently worked on a project to implement encrypted at rest secrets used in a Linux server app using systemd-creds. It's the systemd service native way to encrypt and expose secrets to the services, which uses the TPM for storage of encryption key. Really really easy stuff to setup, I recommend it to anyone writing Linux server apps in 2024. https://systemd.io/CREDENTIALS/

Looks like the trusted compute story from the early 2020s is coming to fruition. Very exciting.

Hey everyone, we're excited to announce that we added a CI/CD template for GitHub actions this week. The guide for implementation can be found here. This tool assists you in being able to PR your changes between environments and automate the deployment tasks.

🤦 Of course it's CORS If your app isn't working as expected, CORS is a common culprit. Here's a blog that: ✅ Covers the basics of CORS and why it matters ✅ Outlines four common CORS errors and how to fix them ✅ Shares tips for working around CORS when needed https://www.descope.com/blog/post/cors-errors P.S. You should also bookmark this excellent resource from MDN if you haven't already: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors

⚡ Build Auth Swift(ly) Here's a step-by-step tutorial that sets up an iOS app, adds OTP authentication, and includes RBAC controls for end users with Descope. Open up Xcode and get started: https://www.descope.com/blog/post/ios-swift-authentication-tutorial Let us know if you have any other ideas for tutorials!

🌎 "Learn once, write anywhere!" Check out our latest guide on setting up authentication in a React Native app! https://www.descope.com/blog/post/react-native-authentication

Looking for guidance on how to add magic links to React? This guide goes through: • Magic links 101 • Adding magic link auth + RBAC to React with Descope Flows • Other link-based auth options with Descope https://www.descope.com/blog/post/magic-link-rbac-react

We have come across several Descopers asking whether they should use email or phone for customer authentication. While the true answer is

it depends on your app

(and Descope can support you either way), the blog below goes into what factors you can consider while making the decision like: • Demographics of your audience • Form factor (web, mobile, both) • Security and inherent vulnerabilities • End user experience https://www.descope.com/blog/post/email-vs-phone-customer-authentication Any feedback or thoughts welcome!

⚙️ Anyone looking to integrate Descope with Next.js 14 using App Router? https://www.descope.com/blog/post/auth-nextjs14-app-router This blog goes through a sample blogging application with: • Magic link auth using the Descope Next.js SDK • Editor and Admin roles / permissions Any comments or feedback welcome!