Skip to content

feat(create): add Descope auth add-on for React#483

Open
mariamantsurova wants to merge 1 commit into
TanStack:mainfrom
mariamantsurova:feat/descope-auth-addon
Open

feat(create): add Descope auth add-on for React#483
mariamantsurova wants to merge 1 commit into
TanStack:mainfrom
mariamantsurova:feat/descope-auth-addon

Conversation

@mariamantsurova

@mariamantsurova mariamantsurova commented Jul 8, 2026

Copy link
Copy Markdown

Adds Descope as a managed authentication add-on for the React framework, alongside the existing Clerk and WorkOS options. Selecting it wires Descope auth into a generated TanStack Start app end-to-end.

What's included

  • Provider<AuthProvider> (@descope/react-sdk) wrapped at the app root via VITE_DESCOPE_PROJECT_ID
  • Header user menu — self-contained avatar + "Sign out" (useSession/useUser/useDescope); renders nothing when signed out
  • Demo route/demo/descope rendering the sign-up-or-in flow plus a signed-in greeting
  • Metadatacategory: "auth" and exclusive: ["auth"]
  • Docs + envREADME.md (setup, route protection, production checklist) and .env.local entry
  • Changeset (@tanstack/create, minor)

Summary by CodeRabbit

  • New Features
    • Added a new React authentication add-on for Descope.
    • Included a demo sign-in route that shows the login flow and a signed-in welcome state.
    • Added a header user menu with profile display and sign-out support.
    • Documented setup steps, required environment configuration, and production readiness guidance.

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This PR adds a new Descope authentication add-on for the React framework generator, including an app-root AuthProvider, a header user menu with sign-out, a /demo/descope route demonstrating sign-in/sign-out flows, manifest configuration, package dependency, environment template, README, and changeset.

Changes

Descope Auth Add-on

Layer / File(s) Summary
Manifest, dependency, and env template
packages/create/src/frameworks/react/add-ons/descope/info.json, .../package.json, .../assets/_dot_env.local.append
Defines add-on metadata, demo route and integration registrations, the @descope/react-sdk dependency, and the VITE_DESCOPE_PROJECT_ID env placeholder.
Auth provider wiring
.../assets/src/integrations/descope/provider.tsx
Reads the project ID from env, throws if missing, and exports AppDescopeProvider wrapping children with Descope's AuthProvider.
Header user menu
.../assets/src/integrations/descope/header-user.tsx
Renders authenticated user avatar/initial and a sign-out button, hidden during loading or when unauthenticated.
Demo route with sign-in/out views
.../assets/src/routes/demo/descope.tsx
Adds /demo/descope route rendering the Descope sign-up-or-in widget when signed out and a welcome greeting with avatar when signed in.
Documentation and changeset
.../README.md, .changeset/descope-auth-addon.md
Documents setup steps, session protection guidance, production checklist, and records the changeset entry.

Estimated code review effort: 2 (Simple) | ~15 minutes

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant DescopeDemo
  participant AppDescopeProvider
  participant DescopeSDK as Descope Widget/SDK

  User->>DescopeDemo: Visit /demo/descope
  DescopeDemo->>AppDescopeProvider: useSession()
  AppDescopeProvider-->>DescopeDemo: session state (loading/authenticated)
  alt Not authenticated
    DescopeDemo->>DescopeSDK: render Descope flow (flowId, theme)
    User->>DescopeSDK: complete sign-up-or-in flow
    DescopeSDK-->>AppDescopeProvider: session established
  else Authenticated
    DescopeDemo->>DescopeSDK: useUser()
    DescopeSDK-->>DescopeDemo: user data (email, picture)
    DescopeDemo-->>User: render welcome greeting
  end
  User->>DescopeSDK: click Sign out (HeaderUser)
  DescopeSDK-->>AppDescopeProvider: session cleared
Loading

Suggested reviewers: jherr

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly describes the main change: adding a Descope auth add-on for React.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Added@​descope/​react-sdk@​2.30.3981009599100

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Medium
Low adoption: npm @descope/outbound-applications-widget

Location: Package overview

From: ?npm/@descope/react-sdk@2.30.3npm/@descope/outbound-applications-widget@0.5.2

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@descope/outbound-applications-widget@0.5.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (3)
packages/create/src/frameworks/react/add-ons/descope/assets/src/routes/demo/descope.tsx (2)

44-55: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Duplicated "Built with DESCOPE" link markup.

The same anchor block appears in both SignedOut (lines 44-55) and SignedInGreeting (lines 93-104). Extract a small shared component to keep them in sync.

♻️ Suggested extraction
+function DescopeAttribution() {
+  return (
+    <p className="demo-muted text-center text-xs">
+      Built with{' '}
+      <a
+        href="https://descope.com"
+        target="_blank"
+        rel="noopener noreferrer"
+        className="font-medium"
+      >
+        DESCOPE
+      </a>
+      .
+    </p>
+  )
+}

Then replace both occurrences with <DescopeAttribution /> (prepending "Sign out from the avatar in the header. " before it in SignedInGreeting).

Also applies to: 93-104

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@packages/create/src/frameworks/react/add-ons/descope/assets/src/routes/demo/descope.tsx`
around lines 44 - 55, The “Built with DESCOPE” anchor markup is duplicated in
both SignedOut and SignedInGreeting, so extract it into a shared
DescopeAttribution component in descope.tsx and replace both inline blocks with
that component. Keep the shared link markup identical in both places, and in
SignedInGreeting prepend the existing “Sign out from the avatar in the header.”
text before DescopeAttribution so both views stay consistent.

38-42: 🎯 Functional Correctness | 🔵 Trivial | 💤 Low value

Hardcoded theme="light" ignores dark mode.

The rest of the add-on (header-user, SignedInGreeting) uses dark: Tailwind variants, indicating the app supports dark mode. The <Descope> widget is fixed to theme="light" and won't adapt. Consider detecting the user's color scheme and passing it dynamically, or at minimum documenting this limitation.

// If the SDK supports a "theme" prop that accepts "auto" or a dynamic value:
<Descope
  flowId="sign-up-or-in"
  theme={document.documentElement.classList.contains('dark') ? 'dark' : 'light'}
  onError={(err) => console.error('Descope flow error', err)}
/>
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@packages/create/src/frameworks/react/add-ons/descope/assets/src/routes/demo/descope.tsx`
around lines 38 - 42, The Descope widget is hardcoded to a light theme, so it
won’t follow the app’s dark-mode support. Update the <Descope> usage in the demo
route to pass a dynamic theme value based on the current color scheme (or the
SDK’s auto mode if available), and keep the existing onError handling unchanged.
Use the <Descope> component and its theme prop as the main touchpoints when
making the change.
packages/create/src/frameworks/react/add-ons/descope/README.md (1)

26-33: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

RedirectToSignIn is illustrative pseudocode.

The RedirectToSignIn component in the route-protection example doesn't exist in the codebase. Consider adding a comment noting this is a placeholder the user must implement, or replace it with a TanStack Router redirect for accuracy.

-  if (!isAuthenticated) return <RedirectToSignIn />
+  // Replace with your own redirect, e.g. `navigate({ to: '/demo/descope' })`
+  if (!isAuthenticated) return <Navigate to="/demo/descope" />
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/create/src/frameworks/react/add-ons/descope/README.md` around lines
26 - 33, The route-protection example in the Descope README uses a non-existent
RedirectToSignIn component, so update the example to avoid implying it is
available. In the ProtectedPage snippet, either add an inline note that
RedirectToSignIn is placeholder pseudocode the user must implement, or replace
it with the actual TanStack Router redirect pattern. Keep the guidance tied to
ProtectedPage and RedirectToSignIn so readers understand what must be changed.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@packages/create/src/frameworks/react/add-ons/descope/assets/src/integrations/descope/header-user.tsx`:
- Around line 24-30: The Sign out click handler in header-user.tsx ignores the
Promise returned by sdk.logout(), so logout failures can become unhandled
rejections. Update the onClick path around sdk.logout() to await it or attach a
catch, and surface a visible fallback or error state from this component so
failures are handled cleanly.
- Around line 8-11: The avatar initial in header-user.tsx is rendered before the
user profile has finished loading, which can show the fallback too early. Update
the HeaderUser component to also guard on isUserLoading alongside
isSessionLoading and isAuthenticated, and only compute/render the initial after
user loading completes so the `useUser()` data is available before using
`user?.name` or `user?.email`.

In `@packages/create/src/frameworks/react/add-ons/descope/README.md`:
- Line 16: The README description for the Descope header user menu is inaccurate
because `header-user.tsx` does not render a “Sign in” link when unauthenticated.
Update the documentation text for the `header-user` integration so it matches
the actual `HeaderUser` behavior: it returns nothing when `!isAuthenticated` and
only shows the avatar and “Sign out” state when signed in.

---

Nitpick comments:
In
`@packages/create/src/frameworks/react/add-ons/descope/assets/src/routes/demo/descope.tsx`:
- Around line 44-55: The “Built with DESCOPE” anchor markup is duplicated in
both SignedOut and SignedInGreeting, so extract it into a shared
DescopeAttribution component in descope.tsx and replace both inline blocks with
that component. Keep the shared link markup identical in both places, and in
SignedInGreeting prepend the existing “Sign out from the avatar in the header.”
text before DescopeAttribution so both views stay consistent.
- Around line 38-42: The Descope widget is hardcoded to a light theme, so it
won’t follow the app’s dark-mode support. Update the <Descope> usage in the demo
route to pass a dynamic theme value based on the current color scheme (or the
SDK’s auto mode if available), and keep the existing onError handling unchanged.
Use the <Descope> component and its theme prop as the main touchpoints when
making the change.

In `@packages/create/src/frameworks/react/add-ons/descope/README.md`:
- Around line 26-33: The route-protection example in the Descope README uses a
non-existent RedirectToSignIn component, so update the example to avoid implying
it is available. In the ProtectedPage snippet, either add an inline note that
RedirectToSignIn is placeholder pseudocode the user must implement, or replace
it with the actual TanStack Router redirect pattern. Keep the guidance tied to
ProtectedPage and RedirectToSignIn so readers understand what must be changed.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6579b9d0-eeb2-449f-9297-ccc8b61e9a68

📥 Commits

Reviewing files that changed from the base of the PR and between 12c31df and 5b4ecb4.

⛔ Files ignored due to path filters (2)
  • packages/create/src/frameworks/react/add-ons/descope/logo.svg is excluded by !**/*.svg
  • packages/create/src/frameworks/react/add-ons/descope/small-logo.svg is excluded by !**/*.svg
📒 Files selected for processing (8)
  • .changeset/descope-auth-addon.md
  • packages/create/src/frameworks/react/add-ons/descope/README.md
  • packages/create/src/frameworks/react/add-ons/descope/assets/_dot_env.local.append
  • packages/create/src/frameworks/react/add-ons/descope/assets/src/integrations/descope/header-user.tsx
  • packages/create/src/frameworks/react/add-ons/descope/assets/src/integrations/descope/provider.tsx
  • packages/create/src/frameworks/react/add-ons/descope/assets/src/routes/demo/descope.tsx
  • packages/create/src/frameworks/react/add-ons/descope/info.json
  • packages/create/src/frameworks/react/add-ons/descope/package.json

Comment on lines +8 to +11
if (isSessionLoading || !isAuthenticated) return null

const email = user?.email
const initial = (user?.name || email || 'U').charAt(0).toUpperCase()

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check the `@descope/react-sdk` type definitions for useUser return shape
fd -t f 'react-sdk' -e d.ts node_modules/@descope 2>/dev/null | head -5
# If not found in node_modules, check the package's exported types
rg -n 'useUser' --type=ts -A5 packages/create/src/frameworks/react/add-ons/descope/ 2>/dev/null

Repository: TanStack/cli

Length of output: 2891


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect the local component and any nearby docs or examples for Descope hook usage.
sed -n '1,120p' packages/create/src/frameworks/react/add-ons/descope/assets/src/integrations/descope/header-user.tsx
printf '\n---\n'
sed -n '1,140p' packages/create/src/frameworks/react/add-ons/descope/assets/src/routes/demo/descope.tsx
printf '\n---\n'
rg -n 'isUserLoading|useUser\(|useSession\(' packages/create/src/frameworks/react/add-ons/descope -A3 -B3

# Try to locate installed type definitions or source for `@descope/react-sdk` in the repo/cache.
printf '\n---\n'
fd -a 'react-sdk' . 2>/dev/null | head -50
printf '\n---\n'
fd -a 'descope' . 2>/dev/null | head -50

Repository: TanStack/cli

Length of output: 7987


🌐 Web query:

@descope/react-sdk useUser loading state isUserLoading useSession user loading documentation

💡 Result:

In the Descope React SDK, the hooks useSession and useUser are used to manage authentication and user data. Both hooks provide specific boolean flags to track loading states, which are essential for handling UI transitions while the SDK initializes or refreshes authentication status [1][2][3]. Key Loading State Hooks: - useSession: Returns isSessionLoading (a boolean) to indicate whether the session state is currently being fetched or validated [1][2][4]. - useUser: Returns isUserLoading (a boolean) to indicate whether user profile information is currently being fetched [1][3]. Best Practices for Implementation: - Usage within AuthProvider: These hooks must be used within an AuthProvider context [1][2]. If used outside of this context, they will throw an error [1][2]. - Conditional Rendering: You should check both isSessionLoading and isUserLoading before rendering protected content to ensure the application waits for the authentication process to complete [1][2][3]. Example Pattern: const { isAuthenticated, isSessionLoading } = useSession; const { user, isUserLoading } = useUser; if (isSessionLoading || isUserLoading) { return

Loading...
; // Render a loading indicator } if (!isAuthenticated) { return
Please log in
; // Handle unauthenticated state } return
Welcome, {user.name}
; // Render authenticated content Important Technical Consideration: Historical versions of the SDK (and potentially certain environments) may face issues where loading states remain true indefinitely if network requests fail during a proactive refresh [5]. Ensuring you are using a recent version of the SDK helps mitigate these issues, as updates have been implemented to ensure loading states are cleared regardless of whether the fetch succeeds or fails [5]. Note on variations: Depending on the specific version or wrapper (such as @descope/react-sdk vs @descope/nextjs-sdk), you may occasionally see different naming conventions like isLoading instead of isSessionLoading in some documentation examples [6], but isSessionLoading and isUserLoading are the standard, widely-documented properties for these specific hooks in current releases [1][2][3].

Citations:


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Find the installed package version if present in lockfiles.
rg -n '"`@descope/react-sdk`"|`@descope/react-sdk`' package.json package-lock.json pnpm-lock.yaml yarn.lock npm-shrinkwrap.json -A2 -B2 || true

# Look for any vendored type definitions or docs in the repo that mention useUser fields.
rg -n 'isUserLoading|userLoading|useUser.*loading|useUser' . -g '!**/node_modules/**' -g '!**/dist/**' -g '!**/build/**' -A3 -B3 || true

# If the package is installed in the sandbox cache, inspect exported declarations without executing repo code.
python3 - <<'PY'
import os, glob
candidates = []
for base in [os.getcwd(), '/tmp', '/workspace', '/root/.npm', '/root/.cache']:
    for p in glob.glob(base + '/**/@descope/react-sdk*', recursive=True):
        if os.path.isdir(p):
            candidates.append(p)
print('\n'.join(candidates[:50]))
PY

Repository: TanStack/cli

Length of output: 5146


🌐 Web query:

site:descope.com/docs/react-sdk useUser isUserLoading useSession isAuthenticated

💡 Result:

In Descope React SDK:

  • useSession() returns isAuthenticated and isSessionLoading. (docs.descope.com)
  • useUser() returns user and isUserLoading. isUserLoading means the user object is still loading. (docs.descope.com)
  • Both hooks must be used inside AuthProvider. (docs.descope.com)

Typical usage:

const { isAuthenticated, isSessionLoading } = useSession()
const { user, isUserLoading } = useUser()

Also, Descope notes that useSession() triggers a session refresh request automatically. (docs.descope.com)

Citations:


🏁 Script executed:

#!/bin/bash
set -euo pipefail
sed -n '1,200p' packages/create/src/frameworks/react/add-ons/descope/assets/src/integrations/descope/header-user.tsx

Repository: TanStack/cli

Length of output: 1264


Gate the avatar on isUserLoading as well. useUser() exposes a loading flag, so this component can render the 'U' fallback before the profile arrives; wait for user loading to finish before showing the initial.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@packages/create/src/frameworks/react/add-ons/descope/assets/src/integrations/descope/header-user.tsx`
around lines 8 - 11, The avatar initial in header-user.tsx is rendered before
the user profile has finished loading, which can show the fallback too early.
Update the HeaderUser component to also guard on isUserLoading alongside
isSessionLoading and isAuthenticated, and only compute/render the initial after
user loading completes so the `useUser()` data is available before using
`user?.name` or `user?.email`.

Comment on lines +24 to +30
<button
type="button"
onClick={() => sdk.logout()}
className="rounded-xl px-3 py-1.5 text-sm font-semibold text-[var(--sea-ink-soft)] transition hover:bg-[var(--link-bg-hover)] hover:text-[var(--sea-ink)]"
>
Sign out
</button>

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== File outline ==\n'
ast-grep outline packages/create/src/frameworks/react/add-ons/descope/assets/src/integrations/descope/header-user.tsx --view expanded || true

printf '\n== Relevant file contents ==\n'
cat -n packages/create/src/frameworks/react/add-ons/descope/assets/src/integrations/descope/header-user.tsx

printf '\n== Search for logout definitions/usages ==\n'
rg -n "logout\\(" packages/create/src/frameworks/react/add-ons/descope -g '!**/node_modules/**' || true

Repository: TanStack/cli

Length of output: 1873


🌐 Web query:

Descope React SDK logout() returns Promise logout documentation

💡 Result:

The logout method provided by the Descope React SDK (accessed via the useDescope hook) returns a Promise, allowing you to use async/await syntax to handle post-logout logic such as navigation [1]. While some documentation examples show the method called without awaiting it [2], it is standard practice and recommended to await the logout call to ensure the session has been successfully invalidated before proceeding with client-side actions, such as redirecting the user to a login page [1]. Example usage: const { logout } = useDescope; const navigate = useNavigate; const handleLogout = async => { await logout; navigate('/login'); };

Citations:


Handle the sdk.logout() promise
sdk.logout() returns a Promise, so the current click handler can drop a rejection on logout failure. Add a catch/await path and surface a failure state or fallback.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@packages/create/src/frameworks/react/add-ons/descope/assets/src/integrations/descope/header-user.tsx`
around lines 24 - 30, The Sign out click handler in header-user.tsx ignores the
Promise returned by sdk.logout(), so logout failures can become unhandled
rejections. Update the onClick path around sdk.logout() to await it or attach a
catch, and surface a visible fallback or error state from this component so
failures are handled cleanly.

### What's wired up

- **`<AuthProvider>`** at the app root (`src/integrations/descope/provider.tsx`) supplies auth context to the whole tree
- **Header user menu** (`src/integrations/descope/header-user.tsx`) swaps between a "Sign in" link and the signed-in avatar + "Sign out"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Header user menu does not render a "Sign in" link.

The README states the header user menu "swaps between a 'Sign in' link and the signed-in avatar + 'Sign out'". However, header-user.tsx returns null when !isAuthenticated — there is no "Sign in" link. Update the documentation to match the actual behavior.

-- **Header user menu** (`src/integrations/descope/header-user.tsx`) swaps between a "Sign in" link and the signed-in avatar + "Sign out"
+- **Header user menu** (`src/integrations/descope/header-user.tsx`) renders the signed-in avatar + "Sign out" button (hidden when signed out)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- **Header user menu** (`src/integrations/descope/header-user.tsx`) swaps between a "Sign in" link and the signed-in avatar + "Sign out"
- **Header user menu** (`src/integrations/descope/header-user.tsx`) renders the signed-in avatar + "Sign out" button (hidden when signed out)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/create/src/frameworks/react/add-ons/descope/README.md` at line 16,
The README description for the Descope header user menu is inaccurate because
`header-user.tsx` does not render a “Sign in” link when unauthenticated. Update
the documentation text for the `header-user` integration so it matches the
actual `HeaderUser` behavior: it returns nothing when `!isAuthenticated` and
only shows the avatar and “Sign out” state when signed in.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant