Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
@descope/access-key-management-widget
Advanced tools
.env
fileIn the widget package create an .env
file which includes;
DESCOPE_BASE_URL= # env base url
DESCOPE_PROJECT_ID= # project ID
DESCOPE_TENANT= # tenant ID
DESCOPE_WIDGET_ID= # default: access-key-management-widget
Use the DescopeWC in this package's index.html
. Comment out the widget web-component from index.html
and paste this:
<script src="https://cdn.jsdelivr.net/npm/@descope/web-component@latest/dist/index.min.js"></script>
<descope-wc
project-id="<project-id>"
flow-id="<flow-id>"
base-url="<base-url>"
></descope-wc>
run npm start
to load the widget.
After authentication, comment out DescopeWC and remove restore the widget's web-component in index.html
.
The widget should now run.
/app
- contains index.html
/lib
- widget's source codelib/mixins
- generic mixins (shared logic to reuse by other widgets)lib/widget
- widget related implementationslib/widget/api
- Logic related to API callslib/widget/drivers
- An SDK for component interactionlib/widget/mixins
- Widget specific logiclib/widget/state
- State managment logicThe widget is composed of mixins, each mixin contains specific logic parts, and sometime exposes an API that can be used in other mixins.
Mixins can be composed on top of each other, so we can create new mixins by composing several mixins together.
Functions that create mixins, can get a configuration, and returns the mixin functions.
Since mixins are composeable, in some cases we want to make sure a mixin is loaded only once. For example: When there is no need for its logic to run multiple times when composed in different mixins.
For this case we have a wrapper function (createSingletonMixin
) to ensure that a mixin is loaded only once, regardless how many times it will be composed.
Mixins should be wrapped with the createSingletonMixin
wrapper function, unless there is a reason for running the mixin's logic multiple times.
We're using several tools to handle the widget's state:
An abstraction layer that provides an API for components, and enables handling interactions with components within the widget.
The motiviation to use drivers is to decouple the widget's code from the component's implementation, and therefore it's important to interact with components only using drivers (and not relying on component's implenentation details).
Widget UI is composed of @descope/web-components-ui
, which is loaded during the widget init in runtime.
For optimization, we load only the relevant components, defined on the widget screens DOM.
Since screen are fetched dynamically, when developing a new screen for the widget you will probably want to use mock templates. To do so, simply replace the call to fetchWidgetPage
with a string which includes your HTML.
In some cases you want to make changes to components anf see how it affects the widget. To do so, you need to build web-components-ui
and serve the dist
folder from your machine (with npx serve
or other util).
Add the key base.ui.components.url
to your localStorage and set its value to the URL of the served dist umd/index.js
file.
Pay attention that theme changes will not take affect until the components
FAQs
Descope access key management widget
The npm package @descope/access-key-management-widget receives a total of 14,339 weekly downloads. As such, @descope/access-key-management-widget popularity was classified as popular.
We found that @descope/access-key-management-widget demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.