Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
@descope/web-component
Advanced tools
Create your login pages on our console-app, once done, you can use this library to inject those pages to your app
it registers- a web component and update the web-component content based on the relevant page,
See usage example below
npm install @descope/web-component
import '@descope/web-component' // This import will define `descope-wc` custom element
import { DescopeWc } // In case you need types definition or you want to use the class directly
// Render Descope Web Component, for example:
render(){
return (
<descope-wc project="myProjectId"/>
)
}
Copy the file @descope/web-js/sdk/dist/descope-wc.js
and place it where your HTML file is located
Add the following script tag to your HTML file
<head>
<script src="./my-lib.umd.production.min.js"></script>
</head>
<descope-wc project-id="<project-id>" flow-id="<flow-id>"></descope-wc>
To run the example:
pnpm i
cd packages/web-component
.env
file and the following variables:// .env
# Descope Project ID
DESCOPE_PROJECT_ID=<project-id>
# Flow ID to run, e.g. sign-up-or-in
DESCOPE_FLOW_ID=<flow-id>
# Optional - Descope base URL
DESCOPE_BASE_URL
# Optional - Descope locale (according to the target locales configured in the flow)
DESCOPE_LOCALE=<locale>
pnpm run start
NOTE: This package is a part of a monorepo. so if you make changes in a dependency, you will have to rerun npm run start
(this is a temporary solution until we improve the process to fit to monorepo).
Attribute | Available options | Default value |
---|---|---|
base-url | Custom Descope base URL | "" |
theme | "light" - Light theme "dark" - Dark theme "os" - Auto select a theme based on the OS theme settings | "light" |
debug | "true" - Enable debugger "false" - Disable debugger | "false" |
telemetryKey | String - Telemetry public key provided by Descope Inc | "" |
auto-focus | "true" - Automatically focus on the first input of each screen "false" - Do not automatically focus on screen's inputs "skipFirstScreen" - Automatically focus on the first input of each screen, except first screen | "true" |
errorTransformer
- A function that receives an error object and returns a string. The returned string will be displayed to the user.The function can be used to translate error messages to the user's language or to change the error message.
Usage example:
function translateError(error) {
const translationMap = {
SAMLStartFailed: 'לא ניתן להתחבר כרגע, אנא נסה שוב מאוחר יותר',
};
return translationMap[error.type] || error.text;
}
const descopeWcEle = document.getElementsByTagName('descope-wc')[0];
descopeWcEle.errorTransformer = translateError;
error
- Fired when an error occurs. The event detail contains the error object.Usage example:
const descopeWcEle = document.getElementsByTagName('descope-wc')[0];
descopeWcEle.addEventListener('error', (e) => alert(`Error! - ${e.detail.errorMessage}`));
success
- Fired when the flow is completed successfully. The event detail contains the flow result.Usage example:
const descopeWcEle = document.getElementsByTagName('descope-wc')[0];
descopeWcEle.addEventListener('success', (e) => alert(`Success! - ${JSON.stringify(e.detail)}`));
FAQs
Descope WC
We found that @descope/web-component demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.