feat: Allow custom refresh token duration (#559)

aviadl · web-flow · commit 2023f641f050 · 2025-04-30T13:24:49.000+03:00
For SDK calls initiated by MGMT SDK related to descope/etc#10354
diff --git a/descope/management/common.py b/descope/management/common.py
@@ -155,8 +155,10 @@ class MgmtSignUpOptions:
     def __init__(
         self,
         custom_claims: Optional[dict] = None,
+        refresh_duration: Optional[int] = None,
     ):
         self.custom_claims = custom_claims
+        self.refresh_duration = refresh_duration
 
 
 class MgmtLoginOptions:
@@ -167,12 +169,14 @@ def __init__(
         revoke_other_sessions: Optional[bool] = None,
         custom_claims: Optional[dict] = None,
         jwt: Optional[str] = None,
+        refresh_duration: Optional[int] = None,
     ):
         self.stepup = stepup
         self.custom_claims = custom_claims
         self.mfa = mfa
         self.revoke_other_sessions = revoke_other_sessions
         self.jwt = jwt
+        self.refresh_duration = refresh_duration
 
 
 def is_jwt_required(lgo: MgmtLoginOptions) -> bool:
diff --git a/descope/management/jwt.py b/descope/management/jwt.py
@@ -48,6 +48,7 @@ def impersonate(
         validate_consent: bool,
         custom_claims: Optional[dict] = None,
         tenant_id: Optional[str] = None,
+        refresh_duration: Optional[int] = None,
     ) -> str:
         """
         Impersonate to another user
@@ -78,8 +79,9 @@ def impersonate(
                 "loginId": login_id,
                 "impersonatorId": impersonator_id,
                 "validateConsent": validate_consent,
-                "cusotmClaims": custom_claims,
+                "customClaims": custom_claims,
                 "selectedTenant": tenant_id,
+                "refreshDuration": refresh_duration,
             },
             pswd=self._auth.management_key,
         )
@@ -116,6 +118,7 @@ def sign_in(
                 "revokeOtherSessions": login_options.revoke_other_sessions,
                 "customClaims": login_options.custom_claims,
                 "jwt": login_options.jwt,
+                "refreshDuration": login_options.refresh_duration,
             },
             pswd=self._auth.management_key,
         )
@@ -187,6 +190,7 @@ def _sign_up_internal(
                 "phoneVerified": user.phone_verified,
                 "ssoAppId": user.sso_app_id,
                 "customClaims": signup_options.custom_claims,
+                "refreshDuration": signup_options.refresh_duration,
             },
             pswd=self._auth.management_key,
         )
@@ -198,6 +202,7 @@ def anonymous(
         self,
         custom_claims: Optional[dict] = None,
         tenant_id: Optional[str] = None,
+        refresh_duration: Optional[int] = None,
     ) -> dict:
         """
         Generate a JWT for an anonymous user.
@@ -212,6 +217,7 @@ def anonymous(
             {
                 "customClaims": custom_claims,
                 "selectedTenant": tenant_id,
+                "refreshDuration": refresh_duration,
             },
             pswd=self._auth.management_key,
         )
diff --git a/tests/management/test_jwt.py b/tests/management/test_jwt.py
@@ -134,8 +134,9 @@ def test_impersonate(self):
                     "loginId": "imp2",
                     "impersonatorId": "imp1",
                     "validateConsent": True,
-                    "cusotmClaims": None,
+                    "customClaims": None,
                     "selectedTenant": None,
+                    "refreshDuration": None,
                 },
                 allow_redirects=False,
                 verify=True,
@@ -183,6 +184,7 @@ def test_sign_in(self):
                     "revokeOtherSessions": None,
                     "customClaims": None,
                     "jwt": None,
+                    "refreshDuration": None,
                 },
                 allow_redirects=False,
                 verify=True,
@@ -233,6 +235,7 @@ def test_sign_up(self):
                     "phoneVerified": None,
                     "ssoAppId": None,
                     "customClaims": None,
+                    "refreshDuration": None,
                 },
                 allow_redirects=False,
                 verify=True,
@@ -283,6 +286,7 @@ def test_sign_up_or_in(self):
                     "phoneVerified": None,
                     "ssoAppId": None,
                     "customClaims": None,
+                    "refreshDuration": None,
                 },
                 allow_redirects=False,
                 verify=True,
@@ -313,7 +317,10 @@ def test_anonymous(self):
                     "Authorization": f"Bearer {self.dummy_project_id}:{self.dummy_management_key}",
                     "x-descope-project-id": self.dummy_project_id,
                 },
-                json={"customClaims": {"k1": "v1"}, "selectedTenant": "id"},
+                json={
+                    "customClaims": {"k1": "v1"},
+                    "selectedTenant": "id",
+                    "refreshDuration": None},
                 allow_redirects=False,
                 verify=True,
                 params=None,
