JS Scriptlets, Salesforce connector & other product updates
Auth Thoughts is a monthly newsletter produced by Team Descope, the collective consciousness of everyone at Descope. Read on for product updates, tutorials, and a monthly roundup from the world of identity and authentication.
Descope changelog
To paraphrase a quote from Dory the forgetful fish: “Just keep shipping”. Here are some of the latest product updates from Descope:
🧑💻 Scriptlets
Our motto is always to do more with Flows. Now, that “more” includes Scriptlets – Flow steps where you can use JavaScript to run operations on user data and context within the user journey itself. The results of the Scriptlet will be stored in the Flow’s context, so you can use it later in the user journey as well.
🤝 Salesforce connector
Our latest Salesforce connector is at your service! Using Salesforce’s Query API, you can now query any of your objects and data with the SOQL syntax at any point of the user journey. This connector can help you create personalized onboarding experiences, ensuring customer data is in sync across tools, and utilizing customer context for authentication interactions.
🕺 Graceful error handling and debugging
You can now define and handle errors within conditional steps in your Flow (for example, if you want to check if the user has a WebAuthn-supported device). Conditional steps can be set as errors and you can define how to handle them within the user journey workflow itself.
Keep an eye on our changelog for ongoing product announcements. Have questions? Join our community and visit the #ask-a-descoper channel.
What does a real customer passkey deployment look like?
What does a multi-stakeholder passkey implementation look like in real life? How do you consider the security and UX implications for customers and employees interacting with your apps? What is the right user migration strategy for your organization?
Our customer Branch knows the answers to these questions inside-out. In this webinar with the FIDO Alliance, the Branch CISO and Product Manager will cover:
☑️ How to set goals and outcomes from a passkeys project
☑️ Navigating “build vs buy” decisions
☑️ Learnings on what went well and what they’d do differently
Tutorial central
Looking for help on how to integrate Descope for a particular framework or perform certain tasks? Our DevRel team has you covered.
Recommended by LinkedIn
🌟 Add auth to Flutter: This tutorial covers how to add passkeys and role-based access to web and mobile apps using Flutter and Descope.
🌟Add auth to Kong API Gateway: This tutorial covers how to implement API authentication in Kong Gateway using Descope Flows.
🌟 Authenticating APIs with JWT authorizers: This guide covers Descope JWT templates and how to use them with AWS API Gateway and Google Apigee.
Concept corner
We’re always happy to talk auth when given the chance. Here are some refreshers and best practices to keep in mind.
🆔 ABAC 101: Attribute-based access control is an authorization model that helps organizations manage complexity (but it can end up being pretty complex itself). Learn more about ABAC, how it works, and how to judge if it’s the right AuthZ model for your app.
🥱 MFA fatigue: MFA fatigue is a state of weariness or frustration experienced by users when dealing with MFA processes. Attackers can harness this frustration to bypass MFA – find out how.
Events and meetups
We’re up to a lot of jet-setting in the next few weeks. Stop by and say hi!
🍷 Black Hat happy hour: Will you be at Black Hat? Drop by our happy hour co-hosted by Notable Capital portfolio companies like Drata, HashiCorp, and Orca Security.
🤠fintech_devcon happy hour: If you’re in Austin for the fintech_devcon summit, join Descope, Skyflow, and Speakeasy for an incredible party at Seven Grand. Whiskey and peer wisdom guaranteed.
Helpful resources
Thanks for reading Auth Thoughts! If you’d like any other updates from the world of identity and authentication included in this newsletter, please let us know in the comments below.
Here are some other links to have handy:
🖥️ Sign up for a Descope Free Forever account if you want to use our authentication platform.
💭 Auth Thoughts, if you want to share this newsletter with others.
✍️ Developer blogs, if you’re looking for tutorials with specific frameworks or auth methods.
📚 Documentation, for Descope setup instructions, SDK code snippets, and more.
See you in August!