Breaking changes
- Session JWT in verification response: Up until now, the Session JWT was sent in a cookie by default. We decided to change it so that the Descoper has the power to control whether the Session JWT is handled by the calling function or sent in a cookie (using the SessionJWTViaCookie flag).
  - By default, the Session JWT is returned to the calling function. This is because it can grow to a relatively big size (especially when using Authorization and Custom Claims).
  - Use a cookie if the Session JWT is relatively small (less than 1KB); examples for the latter are available in the examples folder in this repo.
- JWT validation timeframe: As the JWT validation process is time-sensitive (both for creation and expiration), we have decided to increase the time difference we allow between Descope and the Descoper. It is now set to 5 seconds.
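
The Go example below is added here and is not code from the Descope SDK. It shows how a 5-second tolerance of this kind is commonly applied to a JWT's time claims once the signature has been verified. The TimeClaims type, the CheckTimes function and the error names are hypothetical, and the way the SDK applies its tolerance internally is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Leeway mirrors the 5-second tolerance stated in the release note.
const Leeway = 5 * time.Second

// TimeClaims is a hypothetical holder for iat/nbf/exp in Unix seconds (0 = absent).
type TimeClaims struct {
	Iat, Nbf, Exp int64
}

var (
	ErrNoExp       = errors.New("exp claim missing")
	ErrExpired     = errors.New("token expired")
	ErrNotYetValid = errors.New("token not valid yet")
	ErrIssuedAhead = errors.New("token issued in the future")
)

// CheckTimes validates claims of a token whose signature was already verified.
// Start claims may lie up to Leeway ahead of the local clock, exp up to Leeway behind.
func CheckTimes(c TimeClaims, now time.Time) error {
	if c.Exp == 0 {
		return ErrNoExp // a session token without an expiry is rejected
	}
	if !now.Before(time.Unix(c.Exp, 0).Add(Leeway)) {
		return ErrExpired
	}
	if c.Nbf != 0 && now.Before(time.Unix(c.Nbf, 0).Add(-Leeway)) {
		return ErrNotYetValid
	}
	if c.Iat != 0 && now.Before(time.Unix(c.Iat, 0).Add(-Leeway)) {
		return ErrIssuedAhead
	}
	return nil
}

func main() {
	now := time.Unix(1700000000, 0) // constructed local clock reading
	// Issuer clock 3s ahead of ours is accepted; 6s ahead is rejected.
	fmt.Println(CheckTimes(TimeClaims{Iat: 1700000003, Exp: 1700000603}, now))
	fmt.Println(CheckTimes(TimeClaims{Iat: 1700000006, Exp: 1700000606}, now))
}
```

Keeping the tolerance this small matters: every second of leeway is also a second during which an expired Session JWT is still accepted.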
Enhancements
- Refresh JWT will always be available in verification response: We adjusted our authentication verification response to always include the Refresh JWT.
- Fixed Enchanted Link example: As mentioned in the previous release, we updated the name of one of Enchanted Link's attributes, which required an update of the example it's used in.
- API to load all tenants: New API that returns a list of all the tenants in the project.
- API to load user by JWT Subject: New API that returns a user object, queried by its JWT Subject.
- Readme updates: Updated the README of the repo, to make newcomers' lives even easier than before!