v1.5.4

Breaking changes

• Update of the ConfigureMetadata SSO function: We've added two new parameters to the ConfigureMetadata function - redirectURL, domain. This is to complete the SSO configuration options when using the metadata URL option.
  Please notice that this breaks compilation of the ConfigureMetadata function.

Enhancements

• Load tenant by ID: We added an option to load a specific tenant, using the Load tenant function.
• Tenant Name in user object: We added the tenant name as part of the user object, under AssociatedTenants.[0].TenantName.

v1.5.3

Enhancements

• Get a user's OAuth provider tokens: When using your own OAuth provider account, you can now choose to request additional scopes and have the provider's access tokens managed by Descope. When needed, those can be fetched using the GetProviderToken function, which retrieves the token for your application to use.
• Configure cookie's same-site: We now allow configuring the cookie's same-site policy, using the SessionJWTCookieSameSite config property. This is mainly needed when working in a development environment, and is not recommended to be used in production.
• Update a user's login ID: You can now update a user's login IDs using the UpdateLoginID function. By providing a new value, it will replace the existing one, and by leaving it empty - it will delete the login ID. More information can be found in the SDK's README.
• Set a user's email or phone verification status: When updating a user, there's now an option to define if the phone or email provided are verified or not.
• Search over audit logs: You can now filter over Descope's audit logs using the search audit function. For a full list of filter options see function's documentation.
• List flows function: Use the ListFlows function to get a list of all flows in a project. This is especially useful when using custom flows, and building automations around flow management.
• Documentation enhancements: Additional explanations were added to our SDK's README and examples.

Bug fixes

• Tenant validation functions: Fixed a bug that resulted in some scenarios in which the ValidateTenantRoles and ValidateTenantPermissions functions returned the wrong results.

v1.5.2

Enhancements

• Set and expire user passwords: You can now expire a user's password using the ExpirePassword function, which will make the user reset it on their next authentication. There's also the option to set a new one using the SetPassword function; notice that even when choosing a password, the user will still need reset it on their next authentication.
• Delete a tenant's SAML configuration: Using the DeleteSettings function, you can define which tenant's SAML configuration should be deleted.
• Helper functions on tokens: New helper functions on tokens were added, including:
  • IsPermitted - Checks to see if the token has a specific permission configured.
  • IsPermittedPerTenant - Checks to see if the token has a specific permission configured for a specific tenant.

v1.5.1

Enhancements

• Fetch domain when querying the tenant SSO configuration: When fetching a tenant's SSO configuration, we added the domain information, which is how we associate the tenant with the relevant SSO server it uses for authentication.
• Dedicated user update commands: We added the UpdatePicture and the UpdateCustomAttribute commands for your convenience. This is in addition to the generic user Update command.

v1.5.0

Breaking changes

• User custom attributes 💫 : We're glad to announce that we now support adding custom attributes to the user object! The default user object is great, but sometimes you want to keep a bit more information on it for your app's needs.
  Creation of the attributes are done from the Descope Console, and you can find them in the user object under the customAttributes property. Option to set, update and delete the values are also available from the SDK.
  Please notice that this breaks compilation for the following user functions: Create, Invite, Update, CreateTestUser.
• Add a Login ID to the user upon update: When updating a user's phone or email (via OTP / Magic Link / Enchanted Link), you can decide if to make that new value part of the user's Login IDs so that they can later on authenticate with them.
  There can be times where an existing user with the new identifier already exists in your user database - so a merging strategy needs to be defined as well.
  All of this can be done using the updateOptions object.
  Please notice that this breaks compilation for the following functions: UpdateUserEmail, UpdateUserPhone.

Enhancements

• User picture update: You can now update the user's picture using the new user Picture property.
• Get tenant SSO configuration: Using the GetSettings function, you can now fetch a specific tenant's SSO configuration. Example on how to do so in the repo's README, under the 'Manage SSO Settings' section.

Bug fixes

• Readme updates: Fixed some missing arguments and typos in the repo's README.

v1.1.0

Breaking changes

• Masked email and phone dynamic values: We updated some of the authentication methods' responses to return a masked value of the user's verification identifier. Use the maskedAddress parameter when working with OTP / Magic Link / Enchanted Link to present it in Flow Screens or your own proprietary UI.

Enhancements

• Passwords for user authentication: Descope now supports usage of passwords. You can design your authentication flow to include password authentication, update a user's password when expired, and more.
• Import and export of Flows and Themes: If you want to export or import flows and themes from one project to another - you can do so now with supporting commands, such as ExportFlow. Examples can be found in the SDK's README.
• User testing utility for your E2E tests: When using authentication methods such as OTP / Magic Link / Enchanted Link, it can get cumbersome to automatically test those as part of the app’s testing process. To close this loop - we released a utility with which you can create test users. Those special users are enabled to generate codes or links without the need of 3rd party messaging services.
  You can create, fetch and delete test users - all part of your integration tests code! More information, along with examples, can be found in the SDK's README.
• Invite users via management commands: Use the new Invite User command to programmatically invite users to your project. Just like in the console, you can control which tenants and roles will be associated to the invited users.
• Pagination support for Users: We now support the ability to paginate the SearchAll User response. Use the page parameter in the UserSearchOptions object to define how many results should return in each page.

Bug fixes

• Error code fixes: Missing arguments error (ErrMissingArguments) and Invalid arguments error (ErrInvalidArguments) were switched; those have now been fixed.

v1.0.0

Breaking changes

• SameSite=Strict Cookies: We changed the configuration of cookies so that they are SameSite=Strict.
  For more information on how to configure custom domains correctly - visit our documentation.
• Upgraded SSO configuration options: We upgraded SSO management function, so that they now support configuring the domain parameter, which is used for auto registering new users to a specific tenant, if their identifiers are from the defined domain.

v0.9.4

Breaking changes

• 🚨 Session and Refresh token split 🚨: Session validation and refresh tokens have been split in order to allow more control over session management.
  3 new functions have been added, 2 variations each (a total of 6), with a more predictable and straightforward behavior:

* `ValidateSessionWithRequest` - only validates the session - searches for session token in the request.
* `ValidateSessionWithToken` - only validates the session - receives token as input.
* `RefreshSessionWithRequest` - refreshes a session - searches for session token in the request.
* `RefreshSessionWithToken` - refreshes a session - receives token as input.
* `ValidateAndRefreshSessionWithRequest` - combines the two, validate and refresh as needed - searches for tokens in the request.
* `ValidateAndRefreshSessionWithTokens` - combines the two, validate and refresh as needed - receives tokens as input.

These function replace the following which have been removed:

* `ValidateSession` - replaced by `ValidateAndRefreshSessionWithRequest` with the change of requiring both tokens.
* `ValidateSessionTokens` - replaced by `ValidateAndRefreshSessionWithTokens` with the change of requiring both tokens.
* `RefreshSession` - replaced by `RefreshSessionWithRequest` and `RefreshSessionWithToken`, behavior remains with more consistent naming and input validation.

• 👀 Reorganization of packages 👀 : We introduces a new package for our Descope client:
  • Instead of generating the Descope client with descope.NewDescopeClient, you should now use client.New.
  • The rest of the public symbols are now under the descope package.
• User function update: Along with adding support for user attribute update actions (such as UpdateDisplayName), we also changed a few things in the existing response:
  • Create and Update user commands will now return the user object in the response, on top of user errors.
  • Status attribute is now also included in the UserResponse object (not breaking).

Enhancements

• Documentation enhancements: Multiple enhancements to our SDK documentation, including the README and some management related examples.
• Error handling: In order to make our errors as clear and convenient as possible for the Descoper, we redesigned the way they are created, experienced (on various levels) and handled. This change includes:
  • A new descope.Error object - for a unified error object from both client and server errors.
• Rate limiting: In order to maintain our stable performance, and provide a good experience to all of our customers, we added SDK and API rate limits. You can read more in our documentation.
• Cookie domain configuration: Cookie domain can now be set via the client config; this configuration will take precedence over the domain configured in the Descope console.
• Support single token in validate and refresh commands: Both sessionToken and refreshToken functions support a single token behavior:
  • If only the sessionToken is provided - default to a 'validate only' behavior (validateSession)
  • If only the refreshToken is provided - default to a 'refresh only' behavior (refreshSession)

v0.9.3

Breaking changes

• Rename of External ID to Login ID: In order to clarify and align the various user identifiers used in our system - we've decided to rename ExternalID to LoginID.
• Rename Tenant Association attribute: UserTenants has been renamed to AssociatedTenant. This is used in both Users and Access Keys.

Enhancements

• SCIM support 🚀 : We now support SCIM related actions, including: user updates, group updates, user creation, and more! This means you can automatically sync users in Descope with your own IdP, and not have to deal with building a custom automation around it.
• Support Access Keys management via API: Actions for Access Keys management, including: create, update, delete, load, search, deactivate and activate.
• User picture in user response: There are some providers that return the user's picture in the response. It is now also returned in the UserResponse object.

Bug fixes

• Refresh JWT parsing from cookie: In our latest release, we updated that we always include the Refresh JWT in our verification response. When working with cookies, the parsing failed and it returned an empty Refresh JWT. This was quickly found and fixed.

v0.9.2

Breaking changes

• Session JWT in verification response: Up until now, the Session JWT was sent in a cookie by default. We decided to change it so that
  the Descoper has the power to control whether the Session JWT is handled by the calling function or sent in a cookie (using the SessionJWTViaCookie flag).
  • By default, the Session JWT is returned to the calling function. This is because it can grow to a relatively big size (especially when using Authorization and Custom Claims).
  • Use cookie if the Session JWT is relatively small (less than 1KB); examples for the latter are available in the examples folder in this repo.
• JWT validation timeframe: As the JWT validation process is time sensitive (both for creation and expiration), we have decided to increase the difference we allow between Descope and the Descoper. It is now set to 5 seconds.

Enhancements

• Refresh JWT will always be available in verification response: We adjusted our authentication verification response to always include the Refresh JWT.
• Fixed Enchanted Link example: As mentioned in the previous release, we updated one of Enchanted Link's attribute's name, which required an update of the example it's used in.
• API to load all tenants: New API that returns a list of all the tenants in the project.
• API to load user by JWT Subject: New API that returns a user object, queried by its JWT Subject.
• Readme updates: Updated the README of the repo, to make newcomers' lives even easier than before!