1.7.3

Enhancements

• Multi-SSO support in tenants: In order to support multi-SSO tenants, and extra configuration of the sso_id parameter has been added to the SSO start function.
• Configurable expiration time of JWT: We added support to configure the JWT's expiration time, using the update_jwt function.
• Search users by dates: An option to filter user searches based on their creation time or modified time, using the search_all function.
• TOTP seed deletion via management SDK: The function remove_totp_seed supports removing a TOTP seed for a specific user, based on their login ID.
• README enhancements: Tiny adjustments to our README, to provide better examples.

Bug fixes

• Fixed API rate limiting message parsing: We made sure Descope's service rate limiting messages are delivered and parsed properly.

1.7.2

Enhancements

• Impersonation JWT configurations: We've expanded the impersonate function to allow passing custom_claims as well as tenant_id, so that the created JWT will include that information.

1.7.1

Enhancements

• FGA 2.0 support: Now that we've revamped our FGA support, we also updated our SDK functions. Under mgmt.fga we now support 4 more functions:
  • save_schema - Creates a new schema for the project.
  • create_relations - Creates new relations for the project.
  • delete_relations - Deletes relations for the project.
  • check - Checks if the given relations are satisfied.
• Template ID configuration for invitations: Continuing the effort from our previous release, we've added the option to configure the template_id parameter when sending invitations to users.

1.7.0

Breaking changes

• Support dropped for python 3.7: Python 3.7 has been deprecated for over a year now, and after thorough checks and validations we came to the conclusions that our customers don't use it either - so we decided to drop the support for it.
  If you are using this version, it is highly advised to upgrade to a later version.

Enhancements

• Revoke other user sessions: We added a new configuration in LoginOptions called revoke_other_sessions. This new configuration will expire all JWTs created other than the one in the request. This is useful for signing the user out of all their sessions, except for the current one.
• Test user searching: We added a new function named search_all_test_users, to filter over test users. Learn more from our SDK's README.
• Template ID configuration: We added a new parameter named template_id to all 'sign up' / 'sign in' / 'sign up or in' functions, to allow controlling which custom email/sms template should be used by the function. This will override the default configuration set in the project's 'Authentication Methods' page.
• Enhanced functionality for adding user roles: With this new version of the add_role function, you can add a role to an existing user not just on the project level, but also on the tenant level. If the tenant isn't already associated with the user, it will happen as part of this command.

Full Changelog: 1.6.10...1.7.0

1.6.10

Enhancements

• Audience claim configuration in verification process: We now allow passing the audience claim explicitly when verifying the session token. The new audience parameter in the exchange_token function can receive any string value, or stay empty by default.

1.6.9

Breaking changes

• Scalable user searching: We’ve made some improvements to enhance the scalability of our system to better support increased usage. These changes allow us to handle increased demand more efficiently, ensuring a smoother experience for all our customers.
  As part of this update, there may be a delay (up to 100ms) in accessing newly written or updated user data from the search user endpoints. If you have any questions, feel free to reach out!

Enhancements

• User tenant API: We added an option to fetch a specific user's tenant(s) information from an active session. Using the new my_tenants function, you can query a current user's sessions' tenants details. See the example in the SDK's README.
• Tenant created time: We added the tenant's creation time when loading the tenant (both in load and load_all functions).

1.6.8

Enhancements

• Project tags: Projects now have a tags attribute - a list of strings that can be used to distinguish your projects. Those can be updated using the update_tags command.

Bug fixes

• JWT rotation enablement: We fixed a bug that we found that caused the JWT rotation feature not to work with this specific SDK. This gap was fixed and now the feature is working properly.

1.6.7

Enhancements

• Access key descriptions and permitted IPs list: Access key descriptions can now be set - both from the console as well as the SDK. This also applies for permitted IPs (the source IP that is used by the access key upon request) - which supports both single IP addresses as well as CIDRs.
• Application sign-out URL: We've added an option to configure a specific application sign-out URL using the logout_redirect_url param in SAML related functions. This is useful when Descope is your IdP, and you want to sign a user out of Descope when they sign out from their SP.
• User interaction override: With the force_authentication flag in applications, you can force end user to interact in a specific way with Descope (as IdP), regardless of the SP's settings.

Bug fixes

• Audit timestamps weren't datetimes: the from and to audit parameters were fixed to be returned as proper datetime (timestamp) objects.

1.6.6

Enhancements

• Custom audit events: We've added the function create_event to our audit object, that allows you to generate your own custom audit events. You can also create your custom audit event to provide different data than that provided by Descope.
• Option to automatically delete related users/access keys when deleting their associated tenant: We've added an option to handle auto-deletion of 'orphaned' users and access keys when their last tenant is deleted. When deleting a tenant, you can use the new cascade flag to indicate that if part of the tenant's users/access keys are left with no tenant association - they will also be deleted from the project.
• ReBAC relationship checker: We added a new function what_can_target_access_with_relation to check what resources a user has access, per the application's ReBAC schema. Search is recursive.
• TOTP seed migration: When batch importing users into Descope, you can specify collecting their TOTP seed as part of the migration. If provided in the data, that seed will now be associated with the user and the next authentication will be seamless.
• Force refresh of OAuth/OIDC provider token: Current refresh of provider token is based on its expiration time. There are some cases in which the provider doesn't return the expiration, and for that we aded the forceRefresh parameter when using the user_get_provider_token function - to force refreshing the provider token.

1.6.5

Enhancements

• OTP via voice: In addition to sending OTP via SMS or email - we now support a third delivery method - voice call, with the DeliveryMethod.VOICE option.