tenant session settings functions

ruvenzx · ruvenzx · commit 298956350aef · 2025-11-04T10:59:29.000+02:00
diff --git a/descope/management/common.py b/descope/management/common.py
@@ -1,6 +1,16 @@
 from enum import Enum
 from typing import List, Optional
 
+class SessionExiprationUnit(Enum):
+    MINUTES = "minutes"
+    HOURS = "hours"
+    DAYS = "days"
+    WEEKS = "weeks"
+
+class TenantAuthType(Enum):
+    NONE = "none"
+    SAML = "saml"
+    OIDC = "oidc"
 
 class AccessType(Enum):
     OFFLINE = "offline"
@@ -35,6 +45,7 @@ class MgmtV1:
     tenant_update_path = "/v1/mgmt/tenant/update"
     tenant_delete_path = "/v1/mgmt/tenant/delete"
     tenant_load_path = "/v1/mgmt/tenant"
+    tenant_settings_path = "/v1/mgmt/tenant/settings"
     tenant_load_all_path = "/v1/mgmt/tenant/all"
     tenant_search_all_path = "/v1/mgmt/tenant/search"
 
@@ -292,6 +303,42 @@ def associated_tenants_to_dict(associated_tenants: List[AssociatedTenant]) -> li
             )
     return associated_tenant_list
 
+class tenantSettings:
+    """
+    Represents tenant settings object.
+    """
+
+    def __init__(
+        self,
+        self_provisioning_domains: List[str],
+        domains: Optional[List[str]] = None,
+        auth_type: Optional[TenantAuthType] = None,
+        session_settings_enabled: Optional[bool] = False,
+        refresh_token_expiration: Optional[int] = None,
+        refresh_token_expiration_unit: Optional[SessionExiprationUnit] = None,
+        session_token_expiration: Optional[int] = None,
+        session_token_expiration_unit: Optional[SessionExiprationUnit] = None,
+        stepup_token_expiration: Optional[int] = None,
+        stepup_token_expiration_unit: Optional[SessionExiprationUnit] = None,
+        enable_inactivity: Optional[bool] = False,
+        inactivity_time: Optional[int] = None,
+        inactivity_time_unit: Optional[SessionExiprationUnit] = None,
+        JITDisabled: Optional[bool] = False,
+    ):
+        self.domains = domains
+        self.self_provisioning_domains = self_provisioning_domains
+        self.auth_type = auth_type
+        self.session_settings_enabled = session_settings_enabled
+        self.refresh_token_expiration = refresh_token_expiration
+        self.refresh_token_expiration_unit = refresh_token_expiration_unit
+        self.session_token_expiration = session_token_expiration
+        self.session_token_expiration_unit = session_token_expiration_unit
+        self.stepup_token_expiration = stepup_token_expiration
+        self.stepup_token_expiration_unit = stepup_token_expiration_unit
+        self.enable_inactivity = enable_inactivity
+        self.inactivity_time = inactivity_time
+        self.inactivity_time_unit = inactivity_time_unit
+        self.JITDisabled = JITDisabled
 
 class SAMLIDPAttributeMappingInfo:
     """
diff --git a/descope/management/tenant.py b/descope/management/tenant.py
@@ -1,7 +1,7 @@
 from typing import Any, List, Optional
 
 from descope._http_base import HTTPBase
-from descope.management.common import MgmtV1
+from descope.management.common import MgmtV1, tenantSettings
 
 
 class Tenant(HTTPBase):
@@ -92,6 +92,27 @@ def update(
             ),
         )
 
+    def update_settings(
+        self,
+        id: str,
+        tenant_settings: tenantSettings
+    ):
+        """
+        Update an existing tenant's session settings.
+
+        Args:
+        id (str): The ID of the tenant to update.
+        session_settings (dict): The session settings to set for the tenant.
+
+        Raise:
+        AuthException: raised if creation operation fails
+        """
+        self._http.post(
+            MgmtV1.tenant_settings_path,
+            params={"id": id},
+            body= tenant_settings,
+        )
+
     def delete(
         self,
         id: str,
@@ -134,6 +155,35 @@ def load(
             params={"id": id},
         )
         return response.json()
+    
+    def load_settings(
+        self,
+        id: str,
+    ) -> dict:
+        """
+        Load tenant session settings by id.
+
+        Args:
+        id (str): The ID of the tenant to load session settings for.
+
+        Return value (dict):
+        Return dict in the format
+            { "domains":<list[str]>, "selfProvisioningDomains":<list[str]>, "authType":<str>,
+             "enabled":<bool>, "refreshTokenExpiration":<int>, "refreshTokenExpirationUnit":<str>,
+             "sessionTokenExpiration":<int>, "sessionTokenExpirationUnit":<str>,
+             "stepupTokenExpiration":<int>, "stepupTokenExpirationUnit":<str>,
+             "enableInactivity":<bool>, "inactivityTime":<int>, "inactivityTimeUnit":<str>,
+             "JITDisabled":<bool> }
+        Containing the loaded tenant session settings.
+
+        Raise:
+        AuthException: raised if load operation fails
+        """
+        response = self._http.get(
+            MgmtV1.tenant_settings_path,
+            params={"id": id},
+        )
+        return response.json()
 
     def load_all(
         self,
diff --git a/tests/management/test_tenant.py b/tests/management/test_tenant.py
@@ -366,3 +366,90 @@ def test_search_all(self):
                 params=None,
                 timeout=DEFAULT_TIMEOUT_SECONDS,
             )
+
+    def test_update_settings(self):
+        client = DescopeClient(
+            self.dummy_project_id,
+            self.public_key_dict,
+            False,
+            self.dummy_management_key,
+        )
+
+        # Test failed flows
+        with patch("requests.post") as mock_post:
+            mock_post.return_value.ok = False
+            self.assertRaises(
+                AuthException,
+                client.mgmt.tenant.update_settings,
+                "valid-id",
+                {},
+            )
+
+        # Test success flow
+        with patch("requests.post") as mock_post:
+            mock_post.return_value.ok = True
+            tenant_settings = {
+                "domains": ["domain1.com", "domain2.com"],
+                "authType": "oidc",
+                "sessionSettingsEnabled": True,
+            }
+            self.assertIsNone(
+                client.mgmt.tenant.update_settings("t1", tenant_settings)
+            )
+            mock_post.assert_called_with(
+                f"{common.DEFAULT_BASE_URL}{MgmtV1.tenant_settings_path}",
+                headers={
+                    **common.default_headers,
+                    "Authorization": f"Bearer {self.dummy_project_id}:{self.dummy_management_key}",
+                    "x-descope-project-id": self.dummy_project_id,
+                },
+                json=tenant_settings,
+                allow_redirects=False,
+                verify=True,
+                params={"id": "t1"},
+                timeout=DEFAULT_TIMEOUT_SECONDS,
+            )
+
+    def test_load_settings(self):
+        client = DescopeClient(
+            self.dummy_project_id,
+            self.public_key_dict,
+            False,
+            self.dummy_management_key,
+        )
+
+        # Test failed flows
+        with patch("requests.get") as mock_get:
+            mock_get.return_value.ok = False
+            self.assertRaises(
+                AuthException,
+                client.mgmt.tenant.load_settings,
+                "valid-id",
+            )
+
+        # Test success flow
+        with patch("requests.get") as mock_get:
+            network_resp = mock.Mock()
+            network_resp.ok = True
+            network_resp.json.return_value = json.loads(
+                """
+                {"domains": ["domain1.com", "domain2.com"], "authType": "oidc", "sessionSettingsEnabled": true}
+                """
+            )
+            mock_get.return_value = network_resp
+            resp = client.mgmt.tenant.load_settings("t1")
+            self.assertEqual(resp["domains"], ["domain1.com", "domain2.com"])
+            self.assertEqual(resp["authType"], "oidc")
+            self.assertEqual(resp["sessionSettingsEnabled"], True)
+            mock_get.assert_called_with(
+                f"{common.DEFAULT_BASE_URL}{MgmtV1.tenant_settings_path}",
+                headers={
+                    **common.default_headers,
+                    "Authorization": f"Bearer {self.dummy_project_id}:{self.dummy_management_key}",
+                    "x-descope-project-id": self.dummy_project_id,
+                },
+                params={"id": "t1"},
+                allow_redirects=True,
+                verify=True,
+                timeout=DEFAULT_TIMEOUT_SECONDS,
+            )
