{"name":"Descope","slug":"descope","category":"auth","type":"cloud","website":"https://descope.com","pricing":"freemium","pricing_tiers":["Free up to 7.5k MAU","$0.05/MAU Pro","Custom Enterprise"],"open_source":false,"self_hosted":false,"sdk_languages":["javascript","typescript","python","go","java"],"frameworks":["langchain","vercel-ai","openai-agents"],"agent_features":{"agent_sdk":true,"token_delegation":true,"human_in_the_loop":true,"fga":true,"mcp_support":true,"async_authorization":true},"compliance":["soc2","gdpr"],"best_for":"AI agent auth from day one; built specifically for agentic workflows including MCP server authorization","limitations":"Newer product with smaller community and ecosystem compared to Auth0 or Clerk; enterprise support is still maturing","verified_by":"editorial","last_verified":"2026-04-17","source_urls":{"changelog":"https://docs.descope.com/changelog","pricing":"https://www.descope.com/pricing","docs":"https://docs.descope.com"},"feature_labels":{"agent_sdk":"Dedicated SDK for agentic workflows — agent sessions, token lifecycle, and authorization requests","token_delegation":"Issue scoped tokens an agent can use downstream without exposing user credentials","human_in_the_loop":"Pause agent execution and require explicit user approval before proceeding","fga":"Fine-Grained Authorization — relationship-based or attribute-based access control, not just role-based","mcp_support":"Native OAuth/OIDC authorization layer for Model Context Protocol servers","async_authorization":"Non-blocking approval workflows — agent continues and gets notified when approval is granted"},"comparisons":[{"slug":"auth0-vs-descope","title":"Auth0 vs Descope","vs":"auth0"},{"slug":"clerk-vs-descope","title":"Clerk vs Descope","vs":"clerk"},{"slug":"cognito-vs-descope","title":"Amazon Cognito vs Descope","vs":"cognito"},{"slug":"descope-vs-firebase-auth","title":"Descope vs Firebase","vs":"firebase-auth"},{"slug":"descope-vs-keycloak","title":"Descope vs Keycloak","vs":"keycloak"},{"slug":"descope-vs-ory","title":"Descope vs Ory","vs":"ory"},{"slug":"descope-vs-stytch","title":"Descope vs Stytch","vs":"stytch"},{"slug":"descope-vs-supabase-auth","title":"Descope vs Supabase","vs":"supabase-auth"},{"slug":"descope-vs-workos","title":"Descope vs WorkOS","vs":"workos"}],"body":"# Descope\n\nDescope is notable for being one of the few auth providers that explicitly targets AI agent developers as a primary audience, not an afterthought. The product includes native support for MCP (Model Context Protocol) server authorization, human-in-the-loop approval flows, and async authorization — all designed with agentic workflows in mind.\n\nThe AI/agent SDK covers token delegation, scoped access for agents acting on behalf of users, and fine-grained authorization rules. MCP support is the standout differentiator — if you're building or consuming MCP servers, Descope has native tooling for it.\n\nThe tradeoff is maturity. Descope is newer than Auth0 or Clerk, and the ecosystem (community resources, third-party integrations, StackOverflow coverage) reflects that. For greenfield agent projects, that's less of a concern; for teams that need battle-tested infrastructure, it's worth weighing.\n\n**Agent-specific features:**\n- Native MCP server authorization\n- Human-in-the-loop approval workflows\n- Async authorization for non-blocking agent approval requests\n- Token delegation for downstream service access\n- FGA for fine-grained permission modeling"}