Home / Companies / Descope / Blog / May 2026

May 2026 Summaries

12 posts from Descope

Filter
Month: Year:
Post Summaries Back to Blog
Choosing the right authentication platform is crucial for building modern applications, as it impacts secure login, user management, and the overall development process. Developer-friendly platforms such as Descope, Auth0, Clerk, Firebase Authentication, Supabase, and Stytch go beyond APIs to provide tools that accelerate development, allow customization, and support growing applications from prototypes to enterprise scale. These platforms are selected based on various factors, including application architecture, user base, security needs, and product roadmap. Descope stands out for its workflow-driven approach, offering flexibility and control over authentication without extensive backend changes. Auth0 is noted for its mature ecosystem and protocol support, while Clerk excels in frontend integration for React and Next.js applications. Firebase Authentication integrates well with the Google ecosystem, making it ideal for teams already using Firebase services. Supabase offers an open-source, Postgres-native solution, and Stytch focuses on passwordless authentication methods. The choice of platform should align with an organization’s current and future ecosystem needs, as changing authentication systems mid-development can be costly and time-consuming.
May 30, 2026 3,301 words in the original blog post.
Choosing the right authentication platform for multi-tenant SaaS and B2B applications is crucial, given the complexity of managing tenant-specific identity needs, enterprise SSO, SCIM provisioning, and role management without custom development for each new customer. The text compares eight solutions: Descope, Auth0, WorkOS, Frontegg, Ory, Keycloak, Amazon Cognito, and Firebase Authentication / Google Identity Platform, each offering different strengths and models, such as full-stack managed, enterprise feature layers, open-source self-hosted, and cloud-native options. Descope is highlighted for its workflow-driven approach, allowing teams to manage authentication, SSO, and other identity services flexibly without accumulating custom code, while platforms like Auth0 and WorkOS offer mature, enterprise-ready features with extensive support for various protocols and integrations. The decision on which platform to use should consider factors like architecture, enterprise readiness, and long-term identity strategies, ensuring scalability, security, and developer efficiency as the application grows.
May 30, 2026 4,537 words in the original blog post.
Selecting the appropriate authentication platform is a vital architectural decision for modern applications, with FusionAuth and Auth0 being prominent options. FusionAuth offers self-hosted deployment flexibility and extensive customization for organizations seeking greater control over their identity infrastructure, making it attractive for companies with complex compliance and data residency needs. On the other hand, Auth0 provides a fully managed CIAM platform with broad enterprise integrations and reduced operational complexity, ideal for teams seeking quick setup and less maintenance work. While FusionAuth requires more engineering effort due to its flexibility, Auth0’s managed approach can lead to higher costs and potential vendor lock-in over time. The choice between these platforms depends on an organization's infrastructure strategy, customization needs, and operational preferences, with alternatives like Descope offering additional options for workflow-driven identity orchestration.
May 26, 2026 1,861 words in the original blog post.
In the tutorial, a Claude-powered Gmail agent is constructed using Descope's Agentic Identity Hub to manage authentication and authorization securely. The agent is designed to handle complex workflows with multiple actions, such as reading and sending Gmail emails, with a robust security model that includes progressive OAuth scoping and human-in-the-loop approval for sensitive actions like sending emails. The architecture involves a multi-layered security approach where the MCP server acts as a boundary, managing OAuth tokens on behalf of users without exposing them to the agent. The tutorial provides step-by-step instructions on setting up the necessary configurations in the Descope Console, building the MCP server with Gmail tools, and deploying it on Vercel. It emphasizes the importance of implementing security from the ground up by using layered authentication and authorization mechanisms to prevent unauthorized actions and ensure user intent is respected. The complete source code for this implementation is available for reference, offering a blueprint for building secure AI agents capable of interfacing with external services like Gmail without compromising user data integrity.
May 20, 2026 5,589 words in the original blog post.
Omnichannel retail authentication is essential in today's shopping landscape, where customers frequently transition between digital and physical platforms such as online stores, mobile apps, kiosks, and IoT devices. This approach ensures a seamless and secure user experience by adapting authentication methods in real-time based on device, user behavior, and risk levels. Descope Flows facilitate this by providing a visual identity orchestration layer that centralizes authentication workflows, enabling retailers to implement dynamic, cross-channel authentication strategies like passwordless login and adaptive multi-factor authentication (MFA). A notable use case is self-checkout with second-device authentication, where customers use their mobile devices to authenticate securely at kiosks, enhancing security and personalization while reducing friction. This modern identity orchestration not only protects against fraud and account takeovers but also allows retailers to unify customer interactions across channels, improving loyalty tracking and personalization.
May 15, 2026 1,628 words in the original blog post.
AI agent credential management presents unique challenges due to the autonomous and non-deterministic nature of these systems, which require access to various tools, APIs, and data sources. Traditional credential management methods, often inherited from human or static machine identities, are ill-suited for AI agents as they tend to provide overly broad access with inadequate oversight and revocability. This mismatch can lead to significant security risks, as evidenced by incidents where mismanaged credentials enabled destructive actions. Effective management involves issuing short-lived, task-specific credentials that are bound to a specific user and task, rather than relying on long-lived API keys or shared service accounts. The implementation of scoped, ephemeral credentials, supported by tools like the Agentic Identity Hub, is crucial to ensuring secure and compliant agent operations. This approach is aligned with modern identity and access management practices, which emphasize dedicated agentic identity, centralized policy enforcement, and comprehensive audit trails to mitigate risks associated with credential misuse and to manage agents' identities throughout their lifecycle.
May 14, 2026 4,030 words in the original blog post.
The adoption of passkeys, a passwordless authentication method, is gaining momentum as awareness among consumers and organizations grows, although there is a notable gap between intent and implementation. The FIDO Alliance reports that 75% of global consumers recognize passkeys, but many organizations still rely heavily on passwords, with only 2% believing that passwords effectively balance security and user experience. While platforms like Google and Microsoft have made passkeys a default option, fostering rapid adoption, organizations face challenges such as legacy system modernization and limited authentication expertise, leading to partial implementation. Passkeys offer significant benefits, such as enhanced security, faster sign-ins, and reduced support costs, with organizations like Microsoft and Gemini seeing substantial improvements in login success rates and user experience. Moving forward, the business case for passkeys is becoming increasingly compelling, with hybrid implementations likely to outpace traditional password reliance, and organizations are encouraged to deploy passkeys alongside existing systems to optimize identity journeys gradually.
May 13, 2026 1,404 words in the original blog post.
AI coding assistants like Gemini Code Assist and Claude Code offer distinct approaches to supporting developers, with Gemini providing an IDE-native experience integrated into VS Code and JetBrains, while Claude Code acts as a more autonomous agent across the codebase. In comparing the two, Gemini Code Assist is noted for its generous free tier and seamless integration, although it falters with incomplete migrations and security oversights, such as leaking hashed passwords in API responses. Claude Code, on the other hand, excels with its comprehensive and secure implementation, producing a structured and modular codebase with extensive test coverage. Despite lacking a free tier, Claude Code's robust system-level reasoning and attention to security details make it more suitable for production-critical tasks. Both tools serve different needs, with Gemini being ideal for quick, exploratory projects and Claude Code for intricate, multi-file tasks requiring high-quality output. Ultimately, developers are advised to treat AI-generated code as a draft, requiring careful review and testing before deployment, and to utilize tools like Descope Docs MCP Server for enhanced documentation access within the IDE.
May 13, 2026 4,300 words in the original blog post.
NIST's updated Digital Identity Guidelines, SP 800-63-4, aim to improve the usability and security of passwords by moving away from outdated practices like frequent password changes and complex character requirements, which research shows can lead to weaker passwords that are difficult to remember. Instead, NIST advocates for longer passphrases, supporting up to 64 characters, and recommends allowing the use of password managers and autofill functions. Additionally, the guidelines encourage the use of a full character set, including ASCII and Unicode, to give users more choice while simplifying password creation. Although NIST is promoting biometric authentication as a more secure alternative, the guidelines acknowledge that passwords remain a fundamental part of digital security, and the challenge lies in getting organizations to adopt these newer, more practical recommendations.
May 08, 2026 1,538 words in the original blog post.
Clerk is a developer-focused authentication platform that offers pre-built UI components and user management features for web applications, facilitating quick and easy implementation of login and signup functionalities. However, as applications scale and identity requirements become more sophisticated, developers often find Clerk's frontend-centric and tightly coupled components limiting, especially concerning flexibility, backend control, B2B readiness, and scalability. Clerk's design primarily caters to B2C applications, posing challenges in supporting enterprise SaaS needs and complex multi-tenant environments. This leads teams to explore alternatives like Descope, Auth0, Amazon Cognito, Firebase Authentication, Keycloak, and Ory, each offering varying degrees of flexibility, control, and integration capabilities that better accommodate evolving identity needs. Descope, in particular, stands out for its workflow-driven approach that unifies authentication, authorization, and adaptive MFA, allowing teams to scale identity solutions without re-architecting systems or adding complexity.
May 07, 2026 3,041 words in the original blog post.
Gartner's report "IAM Adapts to Secure and Enable AI Agents" highlights the evolving needs of identity and access management (IAM) as AI agents become more prevalent, emphasizing the importance of treating AI agents as first-class identities with unique credentials to prevent security and compliance issues. The report identifies areas like identity registration and credential management as underdeveloped, and recommends prohibiting the sharing of human credentials with AI agents to maintain a clear identity boundary. Descope's Agentic Identity Hub aligns with Gartner's recommendations by providing a comprehensive solution that includes OAuth 2.1-based consent and delegation, centralizing agent identity management, and enforcing policy-driven authorization to ensure least privilege access. The platform supports both workforce and customer-facing AI agents, offering a unified architecture while maintaining necessary data separation, and aims to address security gaps by enabling organizations to manage agentic identity securely and efficiently.
May 06, 2026 3,059 words in the original blog post.
Coding Agent Shuni, developed by Descope, is an AI agent designed to automate coding tasks within their GitHub organization while ensuring secure and accountable identity management. Inspired by a team member’s dog, Shuni operates by being mentioned on GitHub issues, subsequently creating pull requests attributed to the engineer who invoked it. This identity management is facilitated through an innovative system that securely stores OAuth grants instead of relying on shared bot credentials, ensuring every action by Shuni is attributable to a specific user. The architecture involves four key identity decisions: authenticating the human user, issuing a scoped credential, preserving the delegation chain, and allowing for easy revocation, which collectively ensure that engineers remain accountable for Shuni’s actions. This system is designed to minimize security risks such as credential leaks and to streamline agent offboarding. The principles applied in Shuni’s design are recommended for any AI agents acting on behalf of users, emphasizing the importance of user-scoped credentials, provable attribution, and separation of authentication from authorization. Moving forward, Descope plans to enhance Shuni’s capabilities by integrating its internal tools with broader organizational policies and secure agent infrastructure, further showcasing the significance of identity management in AI deployment.
May 06, 2026 2,121 words in the original blog post.