feat: add Descope#7756
Conversation
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (3)
✅ Files skipped from review due to trivial changes (1)
🚧 Files skipped from review as they are similar to previous changes (2)
📝 WalkthroughWalkthroughThis PR adds a new TanStack Start React example for Descope authentication, including example docs and scaffolding, Descope session middleware and server helpers, router/root setup, and login/logout/protected routes. ChangesDescope example app
Estimated code review effort: 3 (Moderate) | ~30 minutes Possibly related PRs
Suggested labels: Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@examples/react/start-descope/.gitignore`:
- Around line 15-16: The .gitignore entry is malformed because the Sentry
comment is attached to the /public/build ignore pattern, so the pattern is not
applied correctly. Update the ignore rules in the .gitignore file for the react
start-descope example so /public/build stands alone and the Sentry Config File
note is placed on its own separate comment line before .env.sentry-build-plugin.
In `@examples/react/start-descope/package.json`:
- Around line 18-19: The dependency versions for `@tanstack/react-router` and
`@tanstack/react-router-devtools` are out of sync, which can lead to
incompatibilities. Update the `@tanstack/react-router-devtools` entry in
package.json to match the same minor version as `@tanstack/react-router`, and keep
the versions aligned so both packages resolve together consistently.
In `@examples/react/start-descope/src/integrations/descope/session.server.ts`:
- Around line 49-55: The rotated session cookie set in session.server.ts via the
SESSION_COOKIE write should be marked secure because it stores a JWT in a
browser cookie. Update the cookie options in the authInfo.jwt rotation path to
include the secure flag alongside the existing httpOnly, sameSite, and path
settings so it is only sent over HTTPS.
In `@examples/react/start-descope/src/routes/logout.tsx`:
- Around line 15-30: The logout flow in doLogout only catches errors from
sdk.logout(), so failures in clearServerSession(), router.invalidate(), or
router.navigate() can reject unhandled and leave the user stuck on the
signing-out screen. Wrap the post-logout cleanup/navigation steps in the same
try/catch (or a second one around the remaining awaits) and ensure errors are
logged while still allowing the UI to recover. Keep the existing
useEffect/doLogout structure, but make the full logout sequence resilient to any
thrown promise from clearServerSession, router.invalidate, and router.navigate.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 0352abff-733f-405d-86cc-fe8b4b73ce7a
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (30)
docs/start/config.jsondocs/start/framework/react/getting-started.mdexamples/react/start-descope/.devcontainer/devcontainer.jsonexamples/react/start-descope/.env.exampleexamples/react/start-descope/.gitignoreexamples/react/start-descope/.prettierignoreexamples/react/start-descope/.vscode/settings.jsonexamples/react/start-descope/README.mdexamples/react/start-descope/package.jsonexamples/react/start-descope/src/components/DefaultCatchBoundary.tsxexamples/react/start-descope/src/components/DescopeLogo.tsxexamples/react/start-descope/src/components/NotFound.tsxexamples/react/start-descope/src/integrations/descope/middleware.tsexamples/react/start-descope/src/integrations/descope/provider.tsxexamples/react/start-descope/src/integrations/descope/server.tsexamples/react/start-descope/src/integrations/descope/session.server.tsexamples/react/start-descope/src/routeTree.gen.tsexamples/react/start-descope/src/router.tsxexamples/react/start-descope/src/routes/__root.tsxexamples/react/start-descope/src/routes/_authed.tsxexamples/react/start-descope/src/routes/_authed/profile.tsxexamples/react/start-descope/src/routes/index.tsxexamples/react/start-descope/src/routes/login.tsxexamples/react/start-descope/src/routes/logout.tsxexamples/react/start-descope/src/start.tsexamples/react/start-descope/src/styles/app.cssexamples/react/start-descope/src/utils/seo.tsexamples/react/start-descope/tsconfig.jsonexamples/react/start-descope/vite.config.tspnpm-workspace.yaml
| "@tanstack/react-router": "^1.170.17", | ||
| "@tanstack/react-router-devtools": "^1.167.0", |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win
Version mismatch between @tanstack/react-router and @tanstack/react-router-devtools.
@tanstack/react-router is at ^1.170.17 while @tanstack/react-router-devtools is at ^1.167.0. The devtools package should track the same minor version as the router to avoid API incompatibilities. With ^ ranges, the devtools could resolve to a version several minors behind the router.
🔧 Proposed fix
- "`@tanstack/react-router-devtools`": "^1.167.0",
+ "`@tanstack/react-router-devtools`": "^1.170.0",📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| "@tanstack/react-router": "^1.170.17", | |
| "@tanstack/react-router-devtools": "^1.167.0", | |
| "`@tanstack/react-router`": "^1.170.17", | |
| "`@tanstack/react-router-devtools`": "^1.170.0", |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@examples/react/start-descope/package.json` around lines 18 - 19, The
dependency versions for `@tanstack/react-router` and
`@tanstack/react-router-devtools` are out of sync, which can lead to
incompatibilities. Update the `@tanstack/react-router-devtools` entry in
package.json to match the same minor version as `@tanstack/react-router`, and keep
the versions aligned so both packages resolve together consistently.
This PR introduces a TanStack Start sample app showcasing Descope authentication and adds it to the documentation.
Cap.2026-07-08.at.14.47.43.mp4
Summary by CodeRabbit