From 298956350aef3dcad1a4a7601fe7c44d72b5052c Mon Sep 17 00:00:00 2001 From: Reuven Zabirov Date: Tue, 4 Nov 2025 10:59:29 +0200 Subject: [PATCH 01/10] tenant session settings functions --- descope/management/common.py | 47 ++++++++++++++++++ descope/management/tenant.py | 52 +++++++++++++++++++- tests/management/test_tenant.py | 87 +++++++++++++++++++++++++++++++++ 3 files changed, 185 insertions(+), 1 deletion(-) diff --git a/descope/management/common.py b/descope/management/common.py index c7e4ac553..6a26455f2 100644 --- a/descope/management/common.py +++ b/descope/management/common.py @@ -1,6 +1,16 @@ from enum import Enum from typing import List, Optional +class SessionExiprationUnit(Enum): + MINUTES = "minutes" + HOURS = "hours" + DAYS = "days" + WEEKS = "weeks" + +class TenantAuthType(Enum): + NONE = "none" + SAML = "saml" + OIDC = "oidc" class AccessType(Enum): OFFLINE = "offline" @@ -35,6 +45,7 @@ class MgmtV1: tenant_update_path = "/v1/mgmt/tenant/update" tenant_delete_path = "/v1/mgmt/tenant/delete" tenant_load_path = "/v1/mgmt/tenant" + tenant_settings_path = "/v1/mgmt/tenant/settings" tenant_load_all_path = "/v1/mgmt/tenant/all" tenant_search_all_path = "/v1/mgmt/tenant/search" @@ -292,6 +303,42 @@ def associated_tenants_to_dict(associated_tenants: List[AssociatedTenant]) -> li ) return associated_tenant_list +class tenantSettings: + """ + Represents tenant settings object. + """ + + def __init__( + self, + self_provisioning_domains: List[str], + domains: Optional[List[str]] = None, + auth_type: Optional[TenantAuthType] = None, + session_settings_enabled: Optional[bool] = False, + refresh_token_expiration: Optional[int] = None, + refresh_token_expiration_unit: Optional[SessionExiprationUnit] = None, + session_token_expiration: Optional[int] = None, + session_token_expiration_unit: Optional[SessionExiprationUnit] = None, + stepup_token_expiration: Optional[int] = None, + stepup_token_expiration_unit: Optional[SessionExiprationUnit] = None, + enable_inactivity: Optional[bool] = False, + inactivity_time: Optional[int] = None, + inactivity_time_unit: Optional[SessionExiprationUnit] = None, + JITDisabled: Optional[bool] = False, + ): + self.domains = domains + self.self_provisioning_domains = self_provisioning_domains + self.auth_type = auth_type + self.session_settings_enabled = session_settings_enabled + self.refresh_token_expiration = refresh_token_expiration + self.refresh_token_expiration_unit = refresh_token_expiration_unit + self.session_token_expiration = session_token_expiration + self.session_token_expiration_unit = session_token_expiration_unit + self.stepup_token_expiration = stepup_token_expiration + self.stepup_token_expiration_unit = stepup_token_expiration_unit + self.enable_inactivity = enable_inactivity + self.inactivity_time = inactivity_time + self.inactivity_time_unit = inactivity_time_unit + self.JITDisabled = JITDisabled class SAMLIDPAttributeMappingInfo: """ diff --git a/descope/management/tenant.py b/descope/management/tenant.py index 411301415..6b24571d4 100644 --- a/descope/management/tenant.py +++ b/descope/management/tenant.py @@ -1,7 +1,7 @@ from typing import Any, List, Optional from descope._http_base import HTTPBase -from descope.management.common import MgmtV1 +from descope.management.common import MgmtV1, tenantSettings class Tenant(HTTPBase): @@ -92,6 +92,27 @@ def update( ), ) + def update_settings( + self, + id: str, + tenant_settings: tenantSettings + ): + """ + Update an existing tenant's session settings. + + Args: + id (str): The ID of the tenant to update. + session_settings (dict): The session settings to set for the tenant. + + Raise: + AuthException: raised if creation operation fails + """ + self._http.post( + MgmtV1.tenant_settings_path, + params={"id": id}, + body= tenant_settings, + ) + def delete( self, id: str, @@ -134,6 +155,35 @@ def load( params={"id": id}, ) return response.json() + + def load_settings( + self, + id: str, + ) -> dict: + """ + Load tenant session settings by id. + + Args: + id (str): The ID of the tenant to load session settings for. + + Return value (dict): + Return dict in the format + { "domains":, "selfProvisioningDomains":, "authType":, + "enabled":, "refreshTokenExpiration":, "refreshTokenExpirationUnit":, + "sessionTokenExpiration":, "sessionTokenExpirationUnit":, + "stepupTokenExpiration":, "stepupTokenExpirationUnit":, + "enableInactivity":, "inactivityTime":, "inactivityTimeUnit":, + "JITDisabled": } + Containing the loaded tenant session settings. + + Raise: + AuthException: raised if load operation fails + """ + response = self._http.get( + MgmtV1.tenant_settings_path, + params={"id": id}, + ) + return response.json() def load_all( self, diff --git a/tests/management/test_tenant.py b/tests/management/test_tenant.py index 0ad89cf1c..8c1e55096 100644 --- a/tests/management/test_tenant.py +++ b/tests/management/test_tenant.py @@ -366,3 +366,90 @@ def test_search_all(self): params=None, timeout=DEFAULT_TIMEOUT_SECONDS, ) + + def test_update_settings(self): + client = DescopeClient( + self.dummy_project_id, + self.public_key_dict, + False, + self.dummy_management_key, + ) + + # Test failed flows + with patch("requests.post") as mock_post: + mock_post.return_value.ok = False + self.assertRaises( + AuthException, + client.mgmt.tenant.update_settings, + "valid-id", + {}, + ) + + # Test success flow + with patch("requests.post") as mock_post: + mock_post.return_value.ok = True + tenant_settings = { + "domains": ["domain1.com", "domain2.com"], + "authType": "oidc", + "sessionSettingsEnabled": True, + } + self.assertIsNone( + client.mgmt.tenant.update_settings("t1", tenant_settings) + ) + mock_post.assert_called_with( + f"{common.DEFAULT_BASE_URL}{MgmtV1.tenant_settings_path}", + headers={ + **common.default_headers, + "Authorization": f"Bearer {self.dummy_project_id}:{self.dummy_management_key}", + "x-descope-project-id": self.dummy_project_id, + }, + json=tenant_settings, + allow_redirects=False, + verify=True, + params={"id": "t1"}, + timeout=DEFAULT_TIMEOUT_SECONDS, + ) + + def test_load_settings(self): + client = DescopeClient( + self.dummy_project_id, + self.public_key_dict, + False, + self.dummy_management_key, + ) + + # Test failed flows + with patch("requests.get") as mock_get: + mock_get.return_value.ok = False + self.assertRaises( + AuthException, + client.mgmt.tenant.load_settings, + "valid-id", + ) + + # Test success flow + with patch("requests.get") as mock_get: + network_resp = mock.Mock() + network_resp.ok = True + network_resp.json.return_value = json.loads( + """ + {"domains": ["domain1.com", "domain2.com"], "authType": "oidc", "sessionSettingsEnabled": true} + """ + ) + mock_get.return_value = network_resp + resp = client.mgmt.tenant.load_settings("t1") + self.assertEqual(resp["domains"], ["domain1.com", "domain2.com"]) + self.assertEqual(resp["authType"], "oidc") + self.assertEqual(resp["sessionSettingsEnabled"], True) + mock_get.assert_called_with( + f"{common.DEFAULT_BASE_URL}{MgmtV1.tenant_settings_path}", + headers={ + **common.default_headers, + "Authorization": f"Bearer {self.dummy_project_id}:{self.dummy_management_key}", + "x-descope-project-id": self.dummy_project_id, + }, + params={"id": "t1"}, + allow_redirects=True, + verify=True, + timeout=DEFAULT_TIMEOUT_SECONDS, + ) From ca1ba5abd028f2cf48f52684811e95960d8bf469 Mon Sep 17 00:00:00 2001 From: Reuven Zabirov Date: Wed, 5 Nov 2025 00:03:34 +0200 Subject: [PATCH 02/10] tests fix and readme --- README.md | 13 ++++++++ descope/management/common.py | 38 ----------------------- descope/management/tenant.py | 53 ++++++++++++++++++++++++++++++--- tests/management/test_tenant.py | 17 ++++++----- 4 files changed, 71 insertions(+), 50 deletions(-) diff --git a/README.md b/README.md index 09335bdcd..6129b4db1 100644 --- a/README.md +++ b/README.md @@ -556,6 +556,19 @@ descope_client.mgmt.tenant.update( custom_attributes={"attribute-name": "value"}, ) +# Managing the tenant's session settings +# Getting the session settings +descope_client.mgmt.tenant.load_settings(id="my-custom-id") + +# updating the session settings +tenant_settings = { + session_settings_enabled = True, + self_provisioning_domains = ["ackme.com"], + +} +descope_client.mgmt.tenant.update_settings(id="my-custom-id", tenant_settings=tenant_settings) + + # Tenant deletion cannot be undone. Use carefully. # Pass true to cascade value, in case you want to delete all users/keys associated only with this tenant descope_client.mgmt.tenant.delete(id="my-custom-id", cascade=False) diff --git a/descope/management/common.py b/descope/management/common.py index 6a26455f2..f5dcef95f 100644 --- a/descope/management/common.py +++ b/descope/management/common.py @@ -302,44 +302,6 @@ def associated_tenants_to_dict(associated_tenants: List[AssociatedTenant]) -> li } ) return associated_tenant_list - -class tenantSettings: - """ - Represents tenant settings object. - """ - - def __init__( - self, - self_provisioning_domains: List[str], - domains: Optional[List[str]] = None, - auth_type: Optional[TenantAuthType] = None, - session_settings_enabled: Optional[bool] = False, - refresh_token_expiration: Optional[int] = None, - refresh_token_expiration_unit: Optional[SessionExiprationUnit] = None, - session_token_expiration: Optional[int] = None, - session_token_expiration_unit: Optional[SessionExiprationUnit] = None, - stepup_token_expiration: Optional[int] = None, - stepup_token_expiration_unit: Optional[SessionExiprationUnit] = None, - enable_inactivity: Optional[bool] = False, - inactivity_time: Optional[int] = None, - inactivity_time_unit: Optional[SessionExiprationUnit] = None, - JITDisabled: Optional[bool] = False, - ): - self.domains = domains - self.self_provisioning_domains = self_provisioning_domains - self.auth_type = auth_type - self.session_settings_enabled = session_settings_enabled - self.refresh_token_expiration = refresh_token_expiration - self.refresh_token_expiration_unit = refresh_token_expiration_unit - self.session_token_expiration = session_token_expiration - self.session_token_expiration_unit = session_token_expiration_unit - self.stepup_token_expiration = stepup_token_expiration - self.stepup_token_expiration_unit = stepup_token_expiration_unit - self.enable_inactivity = enable_inactivity - self.inactivity_time = inactivity_time - self.inactivity_time_unit = inactivity_time_unit - self.JITDisabled = JITDisabled - class SAMLIDPAttributeMappingInfo: """ Represents a SAML IDP attribute mapping object. use this class for mapping Descope attribute diff --git a/descope/management/tenant.py b/descope/management/tenant.py index 6b24571d4..d0e1a36dc 100644 --- a/descope/management/tenant.py +++ b/descope/management/tenant.py @@ -1,7 +1,7 @@ from typing import Any, List, Optional from descope._http_base import HTTPBase -from descope.management.common import MgmtV1, tenantSettings +from descope.management.common import MgmtV1, TenantAuthType, SessionExiprationUnit class Tenant(HTTPBase): @@ -95,7 +95,20 @@ def update( def update_settings( self, id: str, - tenant_settings: tenantSettings + self_provisioning_domains: List[str], + domains: Optional[List[str]] = None, + auth_type: Optional[TenantAuthType] = None, + session_settings_enabled: Optional[bool] = False, + refresh_token_expiration: Optional[int] = None, + refresh_token_expiration_unit: Optional[SessionExiprationUnit] = None, + session_token_expiration: Optional[int] = None, + session_token_expiration_unit: Optional[SessionExiprationUnit] = None, + stepup_token_expiration: Optional[int] = None, + stepup_token_expiration_unit: Optional[SessionExiprationUnit] = None, + enable_inactivity: Optional[bool] = None, + inactivity_time: Optional[int] = None, + inactivity_time_unit: Optional[SessionExiprationUnit] = None, + JITDisabled: Optional[bool] = None ): """ Update an existing tenant's session settings. @@ -107,10 +120,42 @@ def update_settings( Raise: AuthException: raised if creation operation fails """ + body: dict[str, Any] = { + "tenantId": id, + "selfProvisioningDomains": self_provisioning_domains, + } + + if domains is not None: + body["domains"] = domains + if auth_type is not None: + body["authType"] = auth_type + if session_settings_enabled is not None: + body["sessionSettingsEnabled"] = session_settings_enabled + if refresh_token_expiration is not None: + body["refreshTokenExpiration"] = refresh_token_expiration + if refresh_token_expiration_unit is not None: + body["refreshTokenExpirationUnit"] = refresh_token_expiration_unit + if session_token_expiration is not None: + body["sessionTokenExpiration"] = session_token_expiration + if session_token_expiration_unit is not None: + body["sessionTokenExpirationUnit"] = session_token_expiration_unit + if stepup_token_expiration is not None: + body["stepupTokenExpiration"] = stepup_token_expiration + if stepup_token_expiration_unit is not None: + body["stepupTokenExpirationUnit"] = stepup_token_expiration_unit + if enable_inactivity is not None: + body["enableInactivity"] = enable_inactivity + if inactivity_time is not None: + body["inactivityTime"] = inactivity_time + if inactivity_time_unit is not None: + body["inactivityTimeUnit"] = inactivity_time_unit + if JITDisabled is not None: + body["JITDisabled"] = JITDisabled + self._http.post( MgmtV1.tenant_settings_path, - params={"id": id}, - body= tenant_settings, + body=body, + params=None ) def delete( diff --git a/tests/management/test_tenant.py b/tests/management/test_tenant.py index 8c1e55096..b99cb9834 100644 --- a/tests/management/test_tenant.py +++ b/tests/management/test_tenant.py @@ -388,13 +388,8 @@ def test_update_settings(self): # Test success flow with patch("requests.post") as mock_post: mock_post.return_value.ok = True - tenant_settings = { - "domains": ["domain1.com", "domain2.com"], - "authType": "oidc", - "sessionSettingsEnabled": True, - } self.assertIsNone( - client.mgmt.tenant.update_settings("t1", tenant_settings) + client.mgmt.tenant.update_settings("t1", self_provisioning_domains=["domain1.com"], domains=["domain1.com", "domain2.com"], auth_type="oidc", session_settings_enabled=True) ) mock_post.assert_called_with( f"{common.DEFAULT_BASE_URL}{MgmtV1.tenant_settings_path}", @@ -403,10 +398,16 @@ def test_update_settings(self): "Authorization": f"Bearer {self.dummy_project_id}:{self.dummy_management_key}", "x-descope-project-id": self.dummy_project_id, }, - json=tenant_settings, + json={ + "tenantId": "t1", + "selfProvisioningDomains": ["domain1.com"], + "domains": ["domain1.com", "domain2.com"], + "authType": "oidc", + "sessionSettingsEnabled": True + }, allow_redirects=False, + params=None, verify=True, - params={"id": "t1"}, timeout=DEFAULT_TIMEOUT_SECONDS, ) From 51e34ff5657d9373bc80e6329aa0e2f6b6546764 Mon Sep 17 00:00:00 2001 From: Reuven Zabirov Date: Wed, 5 Nov 2025 00:06:00 +0200 Subject: [PATCH 03/10] fix readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6129b4db1..92ff77bb6 100644 --- a/README.md +++ b/README.md @@ -564,9 +564,9 @@ descope_client.mgmt.tenant.load_settings(id="my-custom-id") tenant_settings = { session_settings_enabled = True, self_provisioning_domains = ["ackme.com"], - + } -descope_client.mgmt.tenant.update_settings(id="my-custom-id", tenant_settings=tenant_settings) +descope_client.mgmt.tenant.update_settings(id="my-custom-id", self_provisioning_domain=["domain.com"], session_settings_enabled=True, refresh_token_expiration=1, refresh_token_expiration_unit="hours") # Tenant deletion cannot be undone. Use carefully. From d98db7ada51a426064d6e4f3cb25567634d0105c Mon Sep 17 00:00:00 2001 From: Reuven Zabirov Date: Wed, 5 Nov 2025 09:29:17 +0200 Subject: [PATCH 04/10] coverage fix --- descope/management/tenant.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/descope/management/tenant.py b/descope/management/tenant.py index d0e1a36dc..0b59d1351 100644 --- a/descope/management/tenant.py +++ b/descope/management/tenant.py @@ -98,7 +98,7 @@ def update_settings( self_provisioning_domains: List[str], domains: Optional[List[str]] = None, auth_type: Optional[TenantAuthType] = None, - session_settings_enabled: Optional[bool] = False, + session_settings_enabled: Optional[bool] = None, refresh_token_expiration: Optional[int] = None, refresh_token_expiration_unit: Optional[SessionExiprationUnit] = None, session_token_expiration: Optional[int] = None, From 158f0910a4a547e083428db5856e633253249fdd Mon Sep 17 00:00:00 2001 From: Reuven Zabirov Date: Wed, 5 Nov 2025 09:40:34 +0200 Subject: [PATCH 05/10] pr fix --- descope/management/common.py | 1 + descope/management/tenant.py | 42 ++++++++++++--------------------- tests/management/test_tenant.py | 2 +- 3 files changed, 17 insertions(+), 28 deletions(-) diff --git a/descope/management/common.py b/descope/management/common.py index f5dcef95f..ff4764d74 100644 --- a/descope/management/common.py +++ b/descope/management/common.py @@ -302,6 +302,7 @@ def associated_tenants_to_dict(associated_tenants: List[AssociatedTenant]) -> li } ) return associated_tenant_list + class SAMLIDPAttributeMappingInfo: """ Represents a SAML IDP attribute mapping object. use this class for mapping Descope attribute diff --git a/descope/management/tenant.py b/descope/management/tenant.py index 0b59d1351..38af82db4 100644 --- a/descope/management/tenant.py +++ b/descope/management/tenant.py @@ -123,35 +123,23 @@ def update_settings( body: dict[str, Any] = { "tenantId": id, "selfProvisioningDomains": self_provisioning_domains, + "domains": domains, + "authType": auth_type, + "enabled": session_settings_enabled, + "refreshTokenExpiration": refresh_token_expiration, + "refreshTokenExpirationUnit": refresh_token_expiration_unit, + "sessionTokenExpiration": session_token_expiration, + "sessionTokenExpirationUnit": session_token_expiration_unit, + "stepupTokenExpiration": stepup_token_expiration, + "stepupTokenExpirationUnit": stepup_token_expiration_unit, + "enableInactivity": enable_inactivity, + "inactivityTime": inactivity_time, + "inactivityTimeUnit": inactivity_time_unit, + "JITDisabled": JITDisabled, } - if domains is not None: - body["domains"] = domains - if auth_type is not None: - body["authType"] = auth_type - if session_settings_enabled is not None: - body["sessionSettingsEnabled"] = session_settings_enabled - if refresh_token_expiration is not None: - body["refreshTokenExpiration"] = refresh_token_expiration - if refresh_token_expiration_unit is not None: - body["refreshTokenExpirationUnit"] = refresh_token_expiration_unit - if session_token_expiration is not None: - body["sessionTokenExpiration"] = session_token_expiration - if session_token_expiration_unit is not None: - body["sessionTokenExpirationUnit"] = session_token_expiration_unit - if stepup_token_expiration is not None: - body["stepupTokenExpiration"] = stepup_token_expiration - if stepup_token_expiration_unit is not None: - body["stepupTokenExpirationUnit"] = stepup_token_expiration_unit - if enable_inactivity is not None: - body["enableInactivity"] = enable_inactivity - if inactivity_time is not None: - body["inactivityTime"] = inactivity_time - if inactivity_time_unit is not None: - body["inactivityTimeUnit"] = inactivity_time_unit - if JITDisabled is not None: - body["JITDisabled"] = JITDisabled - + body = {k: v for k, v in body.items() if v is not None} + self._http.post( MgmtV1.tenant_settings_path, body=body, diff --git a/tests/management/test_tenant.py b/tests/management/test_tenant.py index b99cb9834..89858dfc1 100644 --- a/tests/management/test_tenant.py +++ b/tests/management/test_tenant.py @@ -403,7 +403,7 @@ def test_update_settings(self): "selfProvisioningDomains": ["domain1.com"], "domains": ["domain1.com", "domain2.com"], "authType": "oidc", - "sessionSettingsEnabled": True + "enabled": True }, allow_redirects=False, params=None, From 42699e9a28613618bbca1c5374a47a0aee116e54 Mon Sep 17 00:00:00 2001 From: Reuven Zabirov Date: Wed, 5 Nov 2025 10:06:01 +0200 Subject: [PATCH 06/10] readme fix --- README.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/README.md b/README.md index 92ff77bb6..c1e61e2d4 100644 --- a/README.md +++ b/README.md @@ -561,11 +561,6 @@ descope_client.mgmt.tenant.update( descope_client.mgmt.tenant.load_settings(id="my-custom-id") # updating the session settings -tenant_settings = { - session_settings_enabled = True, - self_provisioning_domains = ["ackme.com"], - -} descope_client.mgmt.tenant.update_settings(id="my-custom-id", self_provisioning_domain=["domain.com"], session_settings_enabled=True, refresh_token_expiration=1, refresh_token_expiration_unit="hours") From 3a33289e4a597467718c30caac026e514f5f6603 Mon Sep 17 00:00:00 2001 From: Reuven Zabirov Date: Wed, 5 Nov 2025 10:18:53 +0200 Subject: [PATCH 07/10] readme fix --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index c1e61e2d4..6ce2a9bd0 100644 --- a/README.md +++ b/README.md @@ -556,11 +556,11 @@ descope_client.mgmt.tenant.update( custom_attributes={"attribute-name": "value"}, ) -# Managing the tenant's session settings -# Getting the session settings +# Managing the tenant's settings +# Getting the settings descope_client.mgmt.tenant.load_settings(id="my-custom-id") -# updating the session settings +# updating the settings descope_client.mgmt.tenant.update_settings(id="my-custom-id", self_provisioning_domain=["domain.com"], session_settings_enabled=True, refresh_token_expiration=1, refresh_token_expiration_unit="hours") From 9824cfdbf601be80f193d31df0f4263e2b593305 Mon Sep 17 00:00:00 2001 From: Reuven Zabirov Date: Wed, 5 Nov 2025 14:22:59 +0200 Subject: [PATCH 08/10] co-fix for co-pilot --- descope/management/common.py | 2 +- descope/management/tenant.py | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/descope/management/common.py b/descope/management/common.py index ff4764d74..31f3cb0f2 100644 --- a/descope/management/common.py +++ b/descope/management/common.py @@ -1,7 +1,7 @@ from enum import Enum from typing import List, Optional -class SessionExiprationUnit(Enum): +class SessionExpirationUnit(Enum): MINUTES = "minutes" HOURS = "hours" DAYS = "days" diff --git a/descope/management/tenant.py b/descope/management/tenant.py index 38af82db4..d1a7e6b78 100644 --- a/descope/management/tenant.py +++ b/descope/management/tenant.py @@ -1,7 +1,7 @@ from typing import Any, List, Optional from descope._http_base import HTTPBase -from descope.management.common import MgmtV1, TenantAuthType, SessionExiprationUnit +from descope.management.common import MgmtV1, TenantAuthType, SessionExpirationUnit class Tenant(HTTPBase): @@ -100,14 +100,14 @@ def update_settings( auth_type: Optional[TenantAuthType] = None, session_settings_enabled: Optional[bool] = None, refresh_token_expiration: Optional[int] = None, - refresh_token_expiration_unit: Optional[SessionExiprationUnit] = None, + refresh_token_expiration_unit: Optional[SessionExpirationUnit] = None, session_token_expiration: Optional[int] = None, - session_token_expiration_unit: Optional[SessionExiprationUnit] = None, + session_token_expiration_unit: Optional[SessionExpirationUnit] = None, stepup_token_expiration: Optional[int] = None, - stepup_token_expiration_unit: Optional[SessionExiprationUnit] = None, + stepup_token_expiration_unit: Optional[SessionExpirationUnit] = None, enable_inactivity: Optional[bool] = None, inactivity_time: Optional[int] = None, - inactivity_time_unit: Optional[SessionExiprationUnit] = None, + inactivity_time_unit: Optional[SessionExpirationUnit] = None, JITDisabled: Optional[bool] = None ): """ From 05f69cee19feffe6dc06010ba3d64a1844904f0b Mon Sep 17 00:00:00 2001 From: Reuven Zabirov <123939006+ruvenzx@users.noreply.github.com> Date: Wed, 5 Nov 2025 14:25:24 +0200 Subject: [PATCH 09/10] Update descope/management/tenant.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- descope/management/tenant.py | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/descope/management/tenant.py b/descope/management/tenant.py index d1a7e6b78..e14630b06 100644 --- a/descope/management/tenant.py +++ b/descope/management/tenant.py @@ -114,11 +114,24 @@ def update_settings( Update an existing tenant's session settings. Args: - id (str): The ID of the tenant to update. - session_settings (dict): The session settings to set for the tenant. + id (str): The ID of the tenant to update. + self_provisioning_domains (List[str]): Domains for self-provisioning. + domains (Optional[List[str]]): List of domains associated with the tenant. + auth_type (Optional[TenantAuthType]): Authentication type for the tenant. + session_settings_enabled (Optional[bool]): Whether session settings are enabled. + refresh_token_expiration (Optional[int]): Expiration time for refresh tokens. + refresh_token_expiration_unit (Optional[SessionExiprationUnit]): Unit for refresh token expiration. + session_token_expiration (Optional[int]): Expiration time for session tokens. + session_token_expiration_unit (Optional[SessionExiprationUnit]): Unit for session token expiration. + stepup_token_expiration (Optional[int]): Expiration time for step-up tokens. + stepup_token_expiration_unit (Optional[SessionExiprationUnit]): Unit for step-up token expiration. + enable_inactivity (Optional[bool]): Whether inactivity timeout is enabled. + inactivity_time (Optional[int]): Inactivity timeout duration. + inactivity_time_unit (Optional[SessionExiprationUnit]): Unit for inactivity timeout. + JITDisabled (Optional[bool]): Whether JIT is disabled. Raise: - AuthException: raised if creation operation fails + AuthException: raised if update operation fails """ body: dict[str, Any] = { "tenantId": id, From 408ef5ddfa1474db1171e8d0d379e28f5e74fb6f Mon Sep 17 00:00:00 2001 From: Reuven Zabirov <123939006+ruvenzx@users.noreply.github.com> Date: Wed, 5 Nov 2025 14:25:58 +0200 Subject: [PATCH 10/10] Update README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6ce2a9bd0..9e1e17212 100644 --- a/README.md +++ b/README.md @@ -561,7 +561,7 @@ descope_client.mgmt.tenant.update( descope_client.mgmt.tenant.load_settings(id="my-custom-id") # updating the settings -descope_client.mgmt.tenant.update_settings(id="my-custom-id", self_provisioning_domain=["domain.com"], session_settings_enabled=True, refresh_token_expiration=1, refresh_token_expiration_unit="hours") +descope_client.mgmt.tenant.update_settings(id="my-custom-id", self_provisioning_domains=["domain.com"], session_settings_enabled=True, refresh_token_expiration=1, refresh_token_expiration_unit="hours") # Tenant deletion cannot be undone. Use carefully.