Descope.com looks like a knock-off of Auth0 with cool words like "Drag-and-Drop Authentication" (whatever that means), geared towards developers with the oh-so-prevalent black background and terminal-green letters, but I'm not sure I see why anyone would move off of Okta or Auth0 (aren't they the same company now, anyways?) for such a seedling company

give https://passkeys.guru/ a try and see how it works compared to what you know

Fuck me. No permission window? Just like that, email --> scan barcode --> login?

Where do I see what permissions I just granted from my (naturally, dummy) gmail account? What happens next time I want to login?

that's the beauty of webauthn! this login process tied your device to the email address you provided, on passkeys.guru - no access/permission was granted to the website!

the only thing shared with passkeys.guru is the pubic key of your device (which was generated specifically for passkeys.guru and cannot be used to identify you or your device on other websites)

no biometrics or any other PII was shared with passkeys.guru in the process.

technically, you can use any identifier you want with passkeys, even just a dummy username - we chose to use email as it allows pairing with other authentication methods (oauth, magiclink, etc.) that are email based

Reading about it a little bit now + referencing the article - that looks like a normal web standard, not something a proprietary player should have any business dealing with. If the major browsers will already support this, why do I need a third-party plater?

Just use the latest & greatest open-source library, no?

You can definitely implement (and maintain) authentication yourself, or consider a managed service so you can focus on your own app that

AKA: We do Auth, you do you.