Identity Provider

    Descope for LLM Authentication

    Passwordless authentication for your AI stack. Use Descope's magic links, passkeys, and social logins with local LLMs through Attach Gateway.

    Get Started View Documentation

    Why Descope + Attach?

    Descope makes passwordless auth easy. Attach makes it work with LLMs. Together:

    • Users authenticate with magic links, passkeys, or social providers
    • Descope issues JWTs that Attach verifies
    • Optional token exchange for downstream services
    • Per-user identity headers on all LLM requests

    Key Features

    Inbound Token Verification

    Attach validates Descope JWTs automatically. Passwordless, MFA, and social logins all work.

    Token Exchange

    Exchange Descope tokens for downstream service tokens. Perfect for multi-service architectures.

    Passwordless Ready

    Magic links, passkeys, and biometrics. Modern auth for your AI applications.

    Setup Guide

    1

    Get your Descope credentials

    From your Descope console, grab your project ID and create an API key.

    # Descope Console > Project Settings
Project ID: P2abc123...
# Create a management key for token exchange (optional)
    2

    Configure Attach Gateway

    export AUTH_BACKEND=descope
export OIDC_ISSUER=https://api.descope.com/P2abc123
export OIDC_AUD=your-api-identifier

# Optional: Enable token exchange
export ENABLE_DESCOPE_EXCHANGE=true
export DESCOPE_PROJECT_ID=P2abc123
export DESCOPE_CLIENT_ID=your-client-id
export DESCOPE_CLIENT_SECRET=your-secret

attach-gateway --port 8080
    3

    Authenticate users with Descope

    // In your frontend (React example)
import { useDescope } from '@descope/react-sdk';

const { user, getSessionToken } = useDescope();
const token = await getSessionToken();

// Use token with your LLM requests
fetch('http://localhost:8080/api/chat', {
  headers: { 'Authorization': `Bearer ${token}` },
  // ...
});
    4

    Requests flow through Attach

    # Without valid Descope token: 401 Unauthorized
# With valid token: Request forwarded to LLM
# User identity available in X-Attach-User header

    Token Exchange (Advanced)

    Need to exchange Descope tokens for different scopes or audiences? Attach supports Descope's token exchange flow for complex multi-service architectures.

    Enable with ENABLE_DESCOPE_EXCHANGE=true

    Supported Descope Features

    Magic link authentication
    Passkey/WebAuthn support
    Social login (Google, GitHub, etc.)
    MFA/2FA enforcement
    Custom JWT claims
    Token exchange
    Session management
    User metadata

    Frequently Asked Questions

    Why passwordless auth for LLMs?

    Passwordless removes friction for developers accessing AI tools. Magic links and passkeys are faster than remembering passwords, and they're more secure—no credentials to phish or leak. For internal AI tools, this means higher adoption with better security.

    When should I use token exchange?

    Token exchange is useful when your LLM service needs to call other APIs on behalf of the user. For example, if your AI assistant needs to access a user's calendar or email, you can exchange the Descope token for a scoped token for those services.

    Do passkeys work with CLI tools?

    Yes, but typically through a browser flow. Your CLI initiates auth, opens a browser for passkey verification, then receives the token via callback. Descope handles this flow elegantly, and Attach accepts the resulting JWT like any other OIDC token.

    Can I migrate from Auth0 to Descope?

    Absolutely. Descope offers migration tools for importing users. Since Attach is IdP-agnostic, you just update your OIDC_ISSUER environment variable—your LLM applications don't need any code changes, only new tokens from the new provider.

    Related Integrations

    Ollama

    Secure Ollama with Descope

    Auth0

    Alternative identity provider

    Claude Code Enterprise

    Enterprise runtime

    Ready for Passwordless LLM Auth?

    Connect Descope to your AI stack in under 5 minutes.

    Quick Start GuideView on GitHub