Descope

How to integrate Descope with Webflow

Descope offers flexible integration paths for Webflow sites, from simple embeddable components for basic authentication to API-driven solutions for advanced authorization.

Descope’s visual builder lets you design custom authentication experiences without code, while its web components work directly in Webflow through custom code embeds. For teams that need enterprise features like single sign-on or fine-grained permissions, Descope's API endpoints enable server-side verification and complex authorization patterns.

Use embeds and native features

Integrate Descope with Webflow using web components embedded directly in Webflow. This approach requires adding scripts to your site's custom code but offers complete control over the authentication experience.

Set up the integration:

1. Add Descope's web component script to your site's head code via Site Settings > Custom Code:

2. Create a login page and embed the authentication component using an HTML Embed element:

Key features available through embeds:

• Hosted authentication flows that handle signup, login, and password reset
• User profile widget for account management and session display
• Role-based visibility using JavaScript to show/hide elements based on user permissions
• Custom styling through Descope's flow editor to match your brand

The embed method also supports Descope's Auth Hosting App, which provides a fully hosted authentication experience on your custom domain. Link to these hosted pages from Webflow buttons while maintaining consistent branding.

Build with Webflow and Descope APIs

Integrating Webflow and Descope with APIs integration enables enterprise authentication features and server-side security.

This approach combines the Webflow CMS with Descope's identity management platform, enabling protected content delivery, user synchronization, and advanced authorization patterns.

Core capabilities include:

• Server-side token verification using OIDC endpoints
• Fine-grained authorization with ReBAC/ABAC management
• Automated user provisioning via SCIM endpoints
• Webhook-driven CMS updates for real-time synchronization

Implement secure content gating

Protect premium content or member areas by verifying Descope tokens server-side before serving restricted resources:

1. Deploy a serverless function on Cloudflare Workers or Netlify Functions to act as a gatekeeper
2. Verify JWT tokens using Descope's JWKS endpoint at https://api.descope.com/__ProjectID__/.well-known/jwks.json
3. Check user roles extracted from the token against required permissions
4. Serve protected content only after successful verification, returning 403 for unauthorized requests

This pattern prevents client-side bypassing while maintaining the Webflow visual editing experience for public pages.

Sync user profiles with Webflow CMS

Automatically maintain user directories or member profiles in Webflow collections:

1. Configure webhooks in Descope for events like user.created and role.assigned
2. Process events in your serverless function, mapping Descope user attributes to Webflow CMS fields 
3. Update collections using Webflow's Data API to create or modify member items
4. Publish changes to make profile updates instantly visible on your site

The TOTP endpoints enable adding time-based one-time password authentication, which can be implemented as part of multi-factor authentication flows for high-value actions.  The User Management API allows custom admin interfaces.

Enable enterprise SSO

Connect corporate identity providers for B2B customers:

1. Configure SAML/OIDC connections in Descope for each enterprise tenant
2. Implement a discovery flow that routes users to their company's SSO based on email domain
3. Process authentication through Descope's authorization endpoint with proper redirect handling
4. Map SSO attributes to Webflow CMS fields for personalized experiences

The SCIM provisioning endpoints automate user lifecycle management when integrated with enterprise identity providers.