descope/node-sdk release/v1.6.4

1.6.4

on GitHub

Breaking changes

• Set an active password for a user: You can set a new active password for a user, with the setActivePassword function , which they can then use to sign in. It will be applied with the project's password expiration settings, after which the user will have to update it to their own.
  Notice that we deprecated the setPassword function, and now offer a setTemporaryPassword function instead. The functionality is the same as before (automatically expires the password, making the user reset it upon first authentication) - we just wanted to make sure it's clearer!

Enhancements

• 😮 Tenant SSO - supporting SAML and OIDC: We've recently expanded our tenant SSO support to both SAML and OIDC configurations, so we created a set of generic SSO commands that replace the existing SAML ones.
  Using the dedicated SSOSAMLSettings, SSOSAMLByMetadataSettings and SSOOIDCSettings objects, along with their matching functions, you can define a tenant's SSO configuration settings.
  This also means that dedicated SAML authentication commands are now deprecated, and we encourage you to update your code to use the new commands:
  • getSettings >> loadSettings
  • configureSettings >> configureSAMLSettings
  • configureMetadata >> configureSAMLByMetadata
• Tenant level settings: We've exposed some session management configurations, as well as password policy configurations, to be set on the tenant's level. Just like the console support - we also configuration of those tenant level settings via the SDK.
• Tenant-level roles: Tenants can require having their own set of roles on top of the default roles provided in your application. For that, we enhanced existing roles function (create, update, delete) to support association with a specific tenantId.
• Applications management: Applications, also known as SSO Applications, are used to integrate with an application using SAML or OIDC. Under the SSOApplication object, you can find an option to create, load, update and delete applications in a specific project. Find out more about applications in our documentation.
• Associate an application to a user: You can decide to associate one or more application to a user, thus controlling which of your users has access to those apps. If the user doesn't have access - no JWT will be generated and the authentication to that application will fail.
• Associate an access key with a specific user: We've added the userId parameter to the access key create function, so that upon creation that key will be associated with the user. This means that if the user's status is change (for example - the user is disabled) - then the access key's status changes accordingly (gets deactivated).
• User impersonation: Using the impersonate function, you can decide which user you would want to temporarily sign in on behalf of. Please make sure to read our SDK's README on impersonation, as well as our KB article on the topic to fully understand this feature and how to securely use it.
• User session history: With the new History function (available both for an authenticated user as well as through management functions) - you can fetch information about the user's authentication history. Read our example of retrieving an authenticated user's history in the SDK's README.
• Export/import project: using management functions, you can export and import full projects.
• Importing users' passwords: When inviting or creating users in Descope, you can define their passwords - either plaintext (using password) or hashed (using hashedPassword). This is especially useful when migrating users to Descope 👏🏼