Enhancements
- Force refresh of OAuth/OIDC provider token: Current refresh of provider token is based on its expiration time. There are some cases in which the provider doesn't return the expiration, and for that we aded the
forceRefreshparameter when using theGetProviderTokenWithOptionsfunction - to force refreshing the provider token. - Access key descriptions and permitted IPs list: Access key descriptions can now be set - both from the console as well as the SDK. This also applies for permitted IPs (the source IP that is used by the access key upon request) - which supports both single IP addresses as well as CIDRs.
- Application sign-out URL: We've added an option to configure a specific application sign-out URL using the
logoutRedirectUrlparam in SAML related functions. This is useful when Descope is your IdP, and you want to sign a user out of Descope when they sign out from their SP. - User interaction override: With the
forceAuthenticationflag in applications, you can force end user to interact in a specific way with Descope (as IdP), regardless of the SP's settings. - Project tags: Projects now have a
Tagsattribute - a list of strings that can be used to distinguish your projects. Those can be updated using theUpdateTagscommand. - Generate SSO configuration link: We've recently added an option in the console to send a link that triggers the SSO configuration flow. We've completed this feature by supporting it also via SDK using the
GenerateSSOConfigurationLinkcommand. An example can be found in the SDK's README.
Bug fixes
- Access key expiration ignored at exchange: We had a problematic behavior where in some edge cases - the access key exchange would happen and exchange a key to a time that's past its expiration definition. This was fixed now, thank you to our customers for bringing this one to our attention!