@descope/role-management-widget
In the widget package, create an .env file which includes:
DESCOPE_BASE_URL= # env base url, default: "https://app.descope.com"
DESCOPE_PROJECT_ID= # your Descope's project ID
DESCOPE_TENANT= # tenant ID
DEBUG_MODE= # "true" / "false", default: "false"
DESCOPE_THEME= # "light" / "dark" / "os", default: "light"
DESCOPE_WIDGET_ID= # default: "role-management-widget"
<!-- replace x.x.x with the latest release of the widget: https://www.npmjs.com/package/@descope/role-management-widget -->
<script src="https://descopecdn.com/npm/@descope/role-management-widget@x.x.x/dist/index.js"></script>
<descope-role-management-widget
base-url="<DESCOPE_BASE_URL>"
project-id="<DESCOPE_PROJECT_ID>"
tenant="<DESCOPE_TENANT>"
debug="<DEBUG_MODE>"
theme="<DESCOPE_THEME>"
widget-id="<DESCOPE_WIDGET_ID>"
></descope-role-management-widget>
Run npm start to start the widget.
In order to work with the widget, you must be logged in as the tenant admin. If you are not authenticated, a login flow will run first, and after logging in, the widget will be rendered.
/app - contains index.html
/lib - widget's source code
lib/widget - widget related implementations
lib/widget/api - Logic related to API calls
lib/widget/mixins - Widget specific logic
lib/widget/state - State management logic

The widget is composed of mixins. Each mixin contains specific logic parts, and sometimes exposes an API that can be used in other mixins.
Mixins can be composed on top of each other, so we can create new mixins by composing several mixins together.
Functions that create mixins can take a configuration, and return the mixin functions.
Since mixins are composable, in some cases we want to make sure a mixin is loaded only once. For example: When there is no need for its logic to run multiple times when composed in different mixins.
For this case we have a wrapper function (createSingletonMixin) to ensure that a mixin is loaded only once, regardless of how many times it is composed.
Mixins should be wrapped with the createSingletonMixin wrapper function, unless there is a reason for running the mixin's logic multiple times.
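The load-once behaviour described above, shown as an added example; it is not the widget's own code and not the implementation of createSingletonMixin. It assumes class-based mixins of the form (Base) => class extends Base, and the names singletonMixin, compose, createLoggerMixin, makeFeature and runInit are hypothetical.

```javascript
// Added illustration; NOT the widget's actual createSingletonMixin.
// Assumption: a mixin is a function (Base) => class extends Base.
const APPLIED = Symbol('appliedMixins');

// Hypothetical wrapper: apply `mixin` at most once per class chain.
function singletonMixin(mixin) {
  return (Base) => {
    // Static properties are inherited, so mixins applied by ancestors are visible.
    const applied = Base[APPLIED] || new Set();
    if (applied.has(mixin)) return Base; // already in the chain: skip it
    const Mixed = mixin(Base);
    Mixed[APPLIED] = new Set(applied).add(mixin);
    return Mixed;
  };
}

// Compose right-to-left: compose(a, b)(Base) is a(b(Base)).
const compose = (...mixins) => (Base) =>
  mixins.reduceRight((cls, m) => m(cls), Base);

// A function that takes a configuration and returns the mixin function.
const createLoggerMixin = ({ prefix }) => (Base) =>
  class extends Base {
    init() {
      super.init?.();
      (this.initLog ||= []).push(`${prefix}:logger`);
    }
  };

const plainLogger = createLoggerMixin({ prefix: 'plain' });
const onceLogger = singletonMixin(createLoggerMixin({ prefix: 'once' }));

// A feature mixin composed on top of a logger mixin it depends on.
const makeFeature = (logger, name) => compose(
  (Base) => class extends Base {
    init() { super.init?.(); this.initLog.push(name); }
  },
  logger,
);

// Build a class from two features sharing one logger; return the init order.
function runInit(logger) {
  const features = compose(makeFeature(logger, 'roles'), makeFeature(logger, 'users'));
  const Widget = features(class {});
  const w = new Widget();
  w.init();
  return w.initLog;
}
```

With the unwrapped logger, its init logic runs once per feature that composes it; with the wrapped one it runs once for the whole class.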
We're using several tools to handle the widget's state:
Drivers are an abstraction layer that provides an API for components, and enables handling interactions with components within the widget.
The motivation to use drivers is to decouple the widget's code from the component's implementation, and therefore it's important to interact with components only using drivers (and not relying on component's implementation details).
Since screens are fetched dynamically, when developing a new screen for the widget you will probably want to use mock templates. To do so, simply replace the call to fetchWidgetPage with a string which includes your HTML.
FAQs
Descope role management widget
The npm package @descope/role-management-widget receives a total of 8,793 weekly downloads. As such, @descope/role-management-widget popularity was classified as popular.
We found that @descope/role-management-widget demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.