Releases: descope/node-sdk

1.6.13

13 Jan 09:16

Enhancements

  • FGA 2.0 support: Now that we've revamped our FGA support, we also updated our SDK functions. Under management.fga we now support 4 more functions:
    • saveSchema - Creates a new schema for the project.
    • createRelations - Creates new relations for the project.
    • deleteRelations - Deletes relations for the project.
    • check - Checks if the given relations are satisfied.
  • Template ID configuration: We added a new parameter named templateId to the LoginOptions object, used in 'sign up' / 'sign in' / 'sign up or in' functions of relevant authentication methods, to allow controlling which custom email/sms template should be used by the function. This will override the default configuration set in the project's 'Authentication Methods' page. We also added the templateId parameter to the invite function, to control the template sent to users upon invitation.
  • Impersonation JWT configurations: We've expanded the impersonate function to allow passing customClaims as well as tenantID, so that the created JWT will include that information.

1.6.12

25 Nov 14:19

Breaking changes

  • Project management renames: We've renamed project data to 'snapshot' - and made the related functions clearer this way:
    • export > exportSnapshot
    • import > importSnapshot

Enhancements

  • Batch invitation of users with roles: We added the roles parameter to the inviteBatch function, so that users can be invited with predefined roles.
  • Snapshot validation: We added a new function validateSnapshot, which performs an import dry run and reports any validation failures or missing data. We recommend calling this function right before importSnapshot, to minimize risk of import failure.
  • Additional errors upon batch user invite: When batch inviting users, we added a new attribute to the response named additionalErrors, which will expose which users failed on the invite sent and which didn't.
  • Revoke previous user sessions: We added a new configuration in LoginOptions called revokeOtherSessions. This new configuration will expire all JWTs created prior to the one in the request. This is useful for signing the user out of all previous sessions, except for the current one.
  • Test user searching: We added a new function named searchTestUsers, to filter over test users. Learn more from our SDK's README.
  • Enhanced functionality for adding user roles: With this new version of the addRole function, you can add a role to an existing user not just on the project level, but also on the tenant level. If the tenant isn't already associated with the user, it will happen as part of this command.

1.6.11

29 Sep 08:45

Breaking changes

  • Scalable user searching: We’ve made some improvements to enhance the scalability of our system to better support increased usage. These changes allow us to handle increased demand more efficiently, ensuring a smoother experience for all our customers.
    As part of this update, there may be a delay (up to 100ms) in accessing newly written or updated user data from the search user endpoints. If you have any questions, feel free to reach out!

Enhancements

  • Tenant created time: We added the tenant's creation time when loading the tenant (both in load and loadAll functions).

1.6.10

10 Sep 09:29

Enhancements

  • Application sign-out URL: We've added an option to configure a specific application sign-out URL using the logoutRedirectUrl param in SAML related functions. This is useful when Descope is your IdP, and you want to sign a user out of Descope when they sign out from their SP.
  • User interaction override: With the forceAuthentication flag in applications, you can force the end user to interact in a specific way with Descope (as IdP), regardless of the SP's settings.
  • Project tags: Projects now have a tags attribute - a list of strings that can be used to distinguish your projects. Those can be updated using the updateTags command.
  • Generate SSO configuration link: We've recently added an option in the console to send a link that triggers the SSO configuration flow. We've completed this feature by supporting it also via SDK using the generateSSOConfigurationLink command. An example can be found in the SDK's README.
  • README enhancements: Tiny adjustments to our README, to provide better examples.

1.6.9

21 Jul 12:36

Enhancements

  • Custom audit events: We've added the function createEvent to our Audit object, that allows you to generate your own custom audit events. You can also create your custom audit event to provide different data than that provided by Descope.
  • Option to automatically delete related users/access keys when deleting their associated tenant: We've added an option to handle auto-deletion of 'orphaned' users and access keys when their last tenant is deleted. When deleting a tenant, you can use the new cascade flag to indicate that if part of the tenant's users/access keys are left with no tenant association - they will also be deleted from the project.
  • TOTP seed migration: When batch importing users into Descope, you can specify collecting their TOTP seed as part of the migration. If provided in the data, that seed will now be associated with the user and the next authentication will be seamless.
  • Force refresh of OAuth/OIDC provider token: Currently, the provider token is refreshed based on its expiration time. There are some cases in which the provider doesn't return the expiration, and for that we added the forceRefresh parameter when using the user's getProviderToken function - to force refreshing the provider token.
  • Patch user: The new patch command allows you to update a user's properties - but only those that have been provided in the request (without running over other data that currently exists on the user).
  • Access key descriptions and permitted IPs list: Access key descriptions can now be set - both from the console as well as the SDK. This also applies for permitted IPs (the source IP that is used by the access key upon request) - which supports both single IP addresses as well as CIDRs.
  • README enhancements: Tiny adjustments to our README, to provide better examples.

1.6.8

08 Apr 20:21

Enhancements

  • Template options: In case you need to pass an external value from your systems to Descope, so that it appears in an email or SMS template - use the templateOptions object to specify those. Read more on this feature in our documentation.
  • OTP via voice: In addition to sending OTP via SMS or email - we now support a third delivery method - voice call, with the DeliveryMethods.voice option.

1.6.6

21 Mar 10:49

Enhancements

  • Search over roles: We've added a new search function roles, to allow easy searching over them. This function works both for project level roles as well as tenant level roles (depending on the used filter).
  • Custom claims for access keys: You can define custom claims that will be added upon creation or exchange of access key tokens. See our example on how to use it in the exchange process in our README.
  • Improved deprecation warnings: Deprecated functions are now prominently marked with the @deprecated tag within JSDocs. This ensures that any usage of deprecated functions is clearly flagged in your IDE.

1.6.4

26 Feb 11:37

Breaking changes

  • Set an active password for a user: You can set a new active password for a user, with the setActivePassword function, which they can then use to sign in. It will be applied with the project's password expiration settings, after which the user will have to update it to their own.
    Notice that we deprecated the setPassword function, and now offer a setTemporaryPassword function instead. The functionality is the same as before (automatically expires the password, making the user reset it upon first authentication) - we just wanted to make sure it's clearer!

Enhancements

  • 😮 Tenant SSO - supporting SAML and OIDC: We've recently expanded our tenant SSO support to both SAML and OIDC configurations, so we created a set of generic SSO commands that replace the existing SAML ones.
    Using the dedicated SSOSAMLSettings, SSOSAMLByMetadataSettings and SSOOIDCSettings objects, along with their matching functions, you can define a tenant's SSO configuration settings.
    This also means that dedicated SAML authentication commands are now deprecated, and we encourage you to update your code to use the new commands:
    • getSettings >> loadSettings
    • configureSettings >> configureSAMLSettings
    • configureMetadata >> configureSAMLByMetadata
  • Tenant level settings: We've exposed some session management configurations, as well as password policy configurations, to be set on the tenant's level. Just like the console support - we also support configuration of those tenant level settings via the SDK.
  • Tenant-level roles: Tenants can require having their own set of roles on top of the default roles provided in your application. For that, we enhanced the existing roles functions (create, update, delete) to support association with a specific tenantId.
  • Applications management: Applications, also known as SSO Applications, are used to integrate with an application using SAML or OIDC. Under the SSOApplication object, you can find an option to create, load, update and delete applications in a specific project. Find out more about applications in our documentation.
  • Associate an application to a user: You can decide to associate one or more applications to a user, thus controlling which of your users have access to those apps. If the user doesn't have access - no JWT will be generated and the authentication to that application will fail.
  • Associate an access key with a specific user: We've added the userId parameter to the access key create function, so that upon creation that key will be associated with the user. This means that if the user's status changes (for example - the user is disabled) - then the access key's status changes accordingly (gets deactivated).
  • User impersonation: Using the impersonate function, you can decide which user you would want to temporarily sign in on behalf of. Please make sure to read our SDK's README on impersonation, as well as our KB article on the topic to fully understand this feature and how to securely use it.
  • User session history: With the new History function (available both for an authenticated user as well as through management functions) - you can fetch information about the user's authentication history. Read our example of retrieving an authenticated user's history in the SDK's README.
  • Export/import project: using management functions, you can export and import full projects.
  • Importing users' passwords: When inviting or creating users in Descope, you can define their passwords - either plaintext (using password) or hashed (using hashedPassword). This is especially useful when migrating users to Descope 👏🏼

1.6.3

28 Jan 15:36

Breaking changes

  • CloneProjectResponse response removed: We understood that the project information that is currently returned in the CloneProjectResponse object is redundant, and that it should be removed.
    This change breaks compilation - since there's no response from the function now.

Enhancements

  • Remove a user's passkey login IDs: Using the removeAllPasskeys management function, the Descoper can decide to remove all passkeys associated with a specific user.
  • Delete a user by its user ID: Support to delete a user by its userId property, using the new deleteByUserId function.
  • Improvement in user search: We made the search over users more elegant by supporting a SearchRequest object to be passed down to the new search function.
    Notice that this means the existing searchAll function is deprecated and we recommend using the new search function.
  • Improvement in user management API: Our user management APIs, such as create and invite, now support passing an object with the information, as well as the existing parameters option. Check out the new examples in the SDK's README.
  • Delete a flow: Using the delete function, you can delete one or more flows.
  • Free search and sorting in users: Two new parameters were added to the search users function: text will allow searching any text value in all user attributes; sort will allow sorting the returned values alphabetically by attribute name.
  • Get recent changes in Authz schema definition: We added the getModified authz function, to be able to understand which new targets and resources were created or updated since a certain time.

Bug fixes

  • Expose interface and types: The tenant object types were missing custom Attributes. Thanks to @roopakv - they have now been added.

1.6.2

27 Dec 16:41

Breaking changes

  • Support multiple domains for tenant: There's an option to automatically associate a user to a tenant based on the user's email domain. Sometimes the same tenant can 'accept' multiple domains - so that's supported now!
    Please notice that this breaks compilation - considering this value is now an array and not a string.

Enhancements

  • Appending user login IDs: We've added the option to assign multiple login IDs to a user, using the additionalLoginIDs attribute, upon creation and/or invitation of the user.
  • First, middle and last names of a user: We added system attributes for first (givenName), middle (middleName) and last (familyName) of a user.
  • Check roles or permissions of a user: Check if the user has at least one of the roles in a provided list, using the getMatchedRoles function. This also applies for checking permissions (getMatchedPermissions), and also for checking the existence on a project level and a specific tenant level (getMatchedTenantRoles, getMatchedTenantPermissions).
  • Set the user's roles: We now support the option to set an existing user's roles. Instead of fetching existing roles, removing all of them and adding new ones 'from scratch' - use the setRoles user function.
  • Setting custom claims for test users: You can now pass the LoginOptions object when working with test users, such as when using the generateMagicLinkForTestUser function.
  • Documentation enhancements: Additional explanations were added to our SDK's README and examples, specifically around errors.

Bug fixes

  • Cross-fetch support: Some services, such as Cloudflare, don't support all fetch capabilities. This is now fixed and such edge runtimes can work smoothly. Thank you @mattolson for the contribution!