Breaking changes
- Support multiple domains for tenant: There's an option to automatically associate a user with a tenant based on the user's email domain. Sometimes the same tenant can 'accept' multiple domains - so that's supported now!
Please notice that this breaks compilation, since this value is now an array and not a string.
- CloneProject response removed: We understood that the project information currently returned by the CloneProject function is redundant, and that it should be removed (and if it's needed - the ExportProject function will do).
This change breaks compilation - since there's no response from the function now.
- Support PBKDF2 encoding: Some systems store passwords hashed with the PBKDF2 mechanism, so we added support for importing those hashes into Descope using the InviteBatch function. See the example in the SDK's README.
Notice that this update does break compilation.
- Use external information in email/text message templates: Just like custom flow inputs, you can now provide custom template inputs that are added to the email/text message template at runtime. For example, you can choose to pass the user's IP into the template, to display it upon verification.
Since the functions involved (such as SignUp) now take another parameter, compilation will break.
Enhancements
- 😮 Tenant SSO - supporting SAML and OIDC: We've recently expanded our tenant SSO support to both SAML and OIDC configurations, so we created a set of generic SSO commands that replace the existing SAML ones.
Using the dedicated SSOSAMLSettings, SSOSAMLSettingsByMetadata and SSOOIDCSettings objects, along with their matching functions, you can define a tenant's SSO configuration settings.
This also means that dedicated SAML authentication commands are now deprecated, and we encourage you to update your code to use the new commands:
  - SAML.ExchangeToken >> SSO.ExchangeToken
  - SAML.Start >> SSO.Start
  - GetSettings >> LoadSettings
  - ConfigureSettings >> ConfigureSAMLSettings
  - ConfigureMetadata >> ConfigureSAMLSettingsByMetadata
- Applications management: Applications, also known as SSO Applications, are used to integrate with an application using SAML or OIDC. Under the SSOApplication object, you can find options to create, load, update and delete applications in a specific project. Find out more about applications in our documentation.
- Associate an application to a user: You can associate one or more applications with a user, thus controlling which of your users have access to those apps. If the user doesn't have access - no JWT will be generated and the authentication to that application will fail.
- Tenant level settings: We've exposed some session management configurations, as well as password policy configurations, to be set at the tenant level. Just like in the console, we also support configuration of those tenant level settings via the SDK.
- Delete a flow: Using the DeleteFlows function, you can delete one or more flows.
- Free search and sorting in users: Two new parameters were added to the SearchAll users function: text will allow searching any text value in all user attributes; sort will allow sorting the returned values alphabetically by attribute name.
- Get recent changes in Authz schema definition: We added the GetModified authz function, to be able to understand which new targets and resources were created or updated since a certain time.
Bug fixes
- Expose missing functionalities when testing users: The MethodEmbedded parameter and the loginOptions function were not exposed for usage when using test users, so we fixed it.
- README fixes: Some updates to the README were made to clarify some of the explanations there.