Descope

Enhancements
* **OTP via voice**: In addition to sending OTP via SMS or email - we now support a third delivery method - voice call, with the `DeliveryMethod.VOICE` option.

Enhancements
* **Custom claims for access keys**: You can define custom claims that will be added upon creation or exchange of access key tokens. See our example on how to use it in the exchange process in our [README](https://github.com/descope/python-sdk?tab=readme-ov-file#manage-access-keys).
* **Search over roles**: We've added a new `search` function roles, to allow easy searching over them. This function works both for project level roles as well as tenant level roles (depending on the used filter).

Breaking changes
* **Set an active password for a user**: You can set a new active password for a user, with the `set_active_password` function , which they can then use to sign in. It will be applied with the project's password expiration settings, after which the user will have to update it to their own.
Notice that we deprecated the `set_password` function, and now offer a `set_temporary_password` function instead. The functionality is the same as before (automatically expires the password, making the user reset it upon first authentication) - we just wanted to make sure it's clearer!

Enhancements
* **Tenant-level roles**: Tenants can require having their own set of roles on top of the default roles provided in your application. For that, we enhanced existing roles function (`create`, `update`, `delete`) to support association with a specific `tenant_id`.
* **User impersonation**: Using the `impersonate` function, you can decide which user you would want to temporarily sign in on behalf of. Please make sure to read our SDK's [README](https://github.com/descope/python-sdk?tab=readme-ov-file#impersonate) on impersonation, as well as our [KB article](https://docs.descope.com/knowledgebase/general/userimpersonation/) on the topic to fully understand this feature and how to securely use it.

Enhancements
* **Support Bcrypt and Firebase encoding**: Some systems encode passwords with the Bcrypt hashing mechanism, so we added support for importing those hashes into Descope using the InviteBatch function. We also added support for the Firebase hashing mechanism.
* **User authentication activity log**: Using the new `history` command, you can find out more information (such as IP address, country, etc) on your users' authentications. Read more about this in the SDK's [README](https://github.com/descope/python-sdk?tab=readme-ov-file#history).
* **Associate an access key with a specific user**: We've added the `user_id` parameter to the access key `create` function, so that upon creation that key will be associated with the user. This means that if the user's status is change (for example - the user is disabled) - then the access key's status changes accordingly (gets deactivated).

Enhancements
* 😮 **Tenant SSO - supporting SAML and OIDC**: We've recently expanded our tenant SSO support to both SAML and OIDC configurations, so we created a set of generic SSO commands that replace the existing SAML ones.
Using the dedicated `SSOSAMLSettings`, `SSOSAMLSettingsByMetadata ` and `SSOOIDCSettings` objects, along with their matching functions, you can define a tenant's SSO configuration settings.
This also means that dedicated SAML authentication commands are now deprecated, and we encourage you to update your code to use the new commands:
* `saml.exchange_token` >> `sso.exchange_token`
* `saml.start` >> `sso.start`
* **Use external information in email/text message templates**: Just like custom flow inputs, you can now provide custom template inputs that can be added to the email/text message template upon runtime. For example, you can choose to pass the user's IP into the template, to present upon verification.
* **Applications management**: Applications, also known as SSO Applications, are used to integrate with an application using SAML or OIDC. Under the `sso_application` object, you can find an option to create, load, update and delete applications in a specific project. Find out more about applications in our [documentation](https://docs.descope.com/manage/idpapplications/).
* **Associate an application to a user**: You can decide to associate one or more application to a user, thus controlling which of your users has access to those apps. If the user doesn't have access - no JWT will be generated and the authentication to that application will fail.
* **Delete a flow**: Using the `delete_flows` function, you can delete one or more flows.
* **Free search and sorting in users**: Two new parameters were added to the `search_all` users function: `text` will allow searching any text value in all user attributes; `sort` will allow sorting the returned values alphabetically by attribute name.
* **Get recent changes in Authz schema definition**: We added the `get_modified` authz function, to be able to understand which new targets and resources were created or updated since a certain time.

Breaking changes
* **Support multiple domains for tenant**: There's an option to automatically associated a user to a tenant based on the user's email domain. Sometimes the same tenant can 'accept' multiple domains - so that's supported now!
Please notice that this breaks compilation - considering this value is now an array and not a string.

Enhancements
* **Appending user login IDs**: We've added the option to assign multiple login IDs to a user, using the `additional_login_ids` parameter, upon creation and/or invitation of the user.
* **First, middle and last names of a user**: We added system attributes for first (`given_name`), middle (`middle_name`) and last (`family_name`) of a user.
* **Control audience claim in access keys**: With the new `audience` parameter in the `exchange_access_key` function - you can control the `aud` claim in the JWT that's created for the access key.
* **Set the user's roles**: We now support the option to set an existing user's roles. Instead of fetching existing roles, removing all of them and adding new ones 'from scratch' - use the `set_roles` user function.
* **Check roles or permissions of a user**: Check if the user has at least one of the roles in a provided list, using the `get_matched_roles` function. This also applies for checking permissions (`get_matched_permissions`), and also for checking the existence on a project level and a specific tenant level (`get_matched_tenant_roles` , `get_matched_tenant_permissions`).
* **Batch user invitation**: You can now use the `invite_batch` function to add multiple users to your project.
* **Remove a user's passkey login IDs**: Using the `remove_all_passkeys` management function, the Descoper can decide to remove all passkeys associated with a specific user.
* **Delete a user by its user ID**: Support to delete a user by its userId property, using the new `delete_by_user_id` function.

Bug fixes
* **Support embedded delivery method and login options in test users**: Some functionalities were left out from the test users' support, so we made sure those are quickly added.