
Commit 262ad0f

authored
fix: add group priority support (#742)
1 parent 94b49e5 commit 262ad0f

4 files changed

Lines changed: 38 additions & 2 deletions


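--- a/descope/management/sso_settings.py
+++ b/descope/management/sso_settings.py
@@ -92,6 +92,9 @@ def __init__(
 prompt: Optional[List[str]] = None,
 grant_type: Optional[str] = None,
 issuer: Optional[str] = None,
+groups_priority: Optional[
+List[str]
+] = None, # list of group names in priority order (first = highest priority)
 ):
 self.name = name
 self.client_id = client_id
@@ -108,6 +111,7 @@ def __init__(
 self.prompt = prompt
 self.grant_type = grant_type
 self.issuer = issuer
+self.groups_priority = groups_priority
 
 
 class SSOSAMLSettings:
@@ -124,6 +128,9 @@ def __init__(
 role_mappings: Optional[List[RoleMapping]] = None,
 default_sso_roles: Optional[List[str]] = None,
 idp_additional_certs: Optional[List[str]] = None,
+groups_priority: Optional[
+List[str]
+] = None, # list of group names in priority order (first = highest priority)
 # NOTICE - the following fields should be overridden only in case of SSO migration, otherwise, do not modify these fields
 sp_acs_url: Optional[str] = None,
 sp_entity_id: Optional[str] = None,
@@ -137,6 +144,7 @@ def __init__(
 self.idp_additional_certs = idp_additional_certs
 self.sp_acs_url = sp_acs_url
 self.sp_entity_id = sp_entity_id
+self.groups_priority = groups_priority
 
 
 class SSOSAMLSettingsByMetadata:
@@ -150,6 +158,9 @@ def __init__(
 attribute_mapping: Optional[AttributeMapping] = None,
 role_mappings: Optional[List[RoleMapping]] = None,
 default_sso_roles: Optional[List[str]] = None,
+groups_priority: Optional[
+List[str]
+] = None, # list of group names in priority order (first = highest priority)
 # NOTICE - the following fields should be overridden only in case of SSO migration, otherwise, do not modify these fields
 sp_acs_url: Optional[str] = None,
 sp_entity_id: Optional[str] = None,
@@ -160,6 +171,7 @@ def __init__(
 self.default_sso_roles = default_sso_roles
 self.sp_acs_url = sp_acs_url
 self.sp_entity_id = sp_entity_id
+self.groups_priority = groups_priority
 
 
 class SSOSettings(HTTPBase):
@@ -516,6 +528,7 @@ def _compose_configure_oidc_settings_body(
 "prompt": settings.prompt,
 "grantType": settings.grant_type,
 "issuer": settings.issuer,
+"groupsPriority": settings.groups_priority,
 },
 "domains": domains,
 }
@@ -547,6 +560,7 @@ def _compose_configure_saml_settings_body(
 settings.role_mappings
 ),
 "defaultSSORoles": settings.default_sso_roles,
+"groupsPriority": settings.groups_priority,
 },
 "redirectUrl": redirect_url,
 "domains": domains,
@@ -576,6 +590,7 @@ def _compose_configure_saml_settings_by_metadata_body(
 settings.role_mappings
 ),
 "defaultSSORoles": settings.default_sso_roles,
+"groupsPriority": settings.groups_priority,
 },
 "redirectUrl": redirect_url,
 "domains": domains,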
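Review bot: The ordering contract of `groups_priority` is documented only by a trailing comment that the formatter has pushed onto the closing `] = None,` line, and nothing checks the list at the three `__init__` sites before the three `_compose_*_body` builders forward it. Because list order decides precedence, and that precedence presumably influences which group mapping applies at SSO login, the class docstrings (outside these hunks) should say what the order affects and what `None` versus `[]` means to the API. Placing the comment above the parameter keeps the annotation on one line: `# group names in priority order (first = highest priority)` followed by `groups_priority: Optional[List[str]] = None,`. If the server does not already reject them, a duplicate check such as `if groups_priority and len(set(groups_priority)) != len(groups_priority): raise ValueError("groups_priority contains duplicates")` would stop an ambiguous ordering before it is sent.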

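--- a/descope/management/user.py
+++ b/descope/management/user.py
@@ -1082,7 +1082,12 @@ def update_email(
 """
 response = self._http.post(
 MgmtV1.user_update_email_path,
-body={"loginId": login_id, "email": email, "verified": verified, "failOnConflict": fail_on_conflict},
+body={
+"loginId": login_id,
+"email": email,
+"verified": verified,
+"failOnConflict": fail_on_conflict,
+},
 )
 return response.json()
 
@@ -1112,7 +1117,12 @@ def update_phone(
 """
 response = self._http.post(
 MgmtV1.user_update_phone_path,
-body={"loginId": login_id, "phone": phone, "verified": verified, "failOnConflict": fail_on_conflict},
+body={
+"loginId": login_id,
+"phone": phone,
+"verified": verified,
+"failOnConflict": fail_on_conflict,
+},
 )
 return response.json()
 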
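--- a/samples/management/sso_sample_app.py
+++ b/samples/management/sso_sample_app.py
@@ -47,6 +47,7 @@ def main():
 verified_phone="verifiedPhone",
 picture="picture",
 ),
+groups_priority=["admin_group", "user_group"],
 )
 descope_client.mgmt.sso.configure_oidc_settings(tenant_id, settings)
 except AuthException as e:
@@ -76,6 +77,7 @@ def main():
 group="groups",
 ),
 role_mappings=[RoleMapping(groups=["grp1"], role_name="rl1")],
+groups_priority=["admin_group", "user_group"],
 )
 descope_client.mgmt.sso.configure_saml_settings(tenant_id, settings)
 except AuthException as e:
@@ -103,6 +105,7 @@ def main():
 group="groups",
 ),
 role_mappings=[RoleMapping(groups=["grp1"], role_name="rl1")],
+groups_priority=["admin_group", "user_group"],
 )
 descope_client.mgmt.sso.configure_saml_settings_by_metadata(
 tenant_id, settings, domains=["kuki.com"]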

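--- a/tests/management/test_sso_settings.py
+++ b/tests/management/test_sso_settings.py
@@ -174,6 +174,7 @@ def test_configure_oidc_settings(self):
 verified_phone="verifiedPhone",
 picture="picture",
 ),
+groups_priority=["group1"],
 ),
 ["domain.com"],
 )
@@ -216,6 +217,7 @@ def test_configure_oidc_settings(self):
 "verifiedPhone": "verifiedPhone",
 "picture": "picture",
 },
+"groupsPriority": ["group1"],
 },
 "domains": ["domain.com"],
 },
@@ -275,6 +277,7 @@ def test_configure_saml_settings(self):
 sp_acs_url="http://spacsurl.com",
 sp_entity_id="spentityid",
 default_sso_roles=["aa", "bb"],
+groups_priority=["group1"],
 ),
 "https://redirect.com",
 ["domain.com"],
@@ -310,6 +313,7 @@ def test_configure_saml_settings(self):
 "spACSUrl": "http://spacsurl.com",
 "spEntityId": "spentityid",
 "defaultSSORoles": ["aa", "bb"],
+"groupsPriority": ["group1"],
 },
 "redirectUrl": "https://redirect.com",
 "domains": ["domain.com"],
@@ -361,6 +365,7 @@ def test_configure_saml_settings_by_metadata(self):
 sp_acs_url="http://spacsurl.com",
 sp_entity_id="spentityid",
 default_sso_roles=["aa", "bb"],
+groups_priority=["group1"],
 ),
 "https://redirect.com",
 ["domain.com"],
@@ -393,6 +398,7 @@ def test_configure_saml_settings_by_metadata(self):
 "spACSUrl": "http://spacsurl.com",
 "spEntityId": "spentityid",
 "defaultSSORoles": ["aa", "bb"],
+"groupsPriority": ["group1"],
 },
 "redirectUrl": "https://redirect.com",
 "domains": ["domain.com"],
@@ -427,6 +433,7 @@ def test_configure_saml_settings_with_additional_certs(self):
 ),
 role_mappings=[RoleMapping(groups=["grp1"], role_name="rl1")],
 default_sso_roles=["aa", "bb"],
+groups_priority=["group1"],
 ),
 "https://redirect.com",
 ["domain.com"],
@@ -462,6 +469,7 @@ def test_configure_saml_settings_with_additional_certs(self):
 "spACSUrl": None,
 "spEntityId": None,
 "defaultSSORoles": ["aa", "bb"],
+"groupsPriority": ["group1"],
 },
 "redirectUrl": "https://redirect.com",
 "domains": ["domain.com"],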
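Review bot: Every added assertion uses the single-element list `["group1"]`, so none of these tests can detect a reordering of `groups_priority` between the settings object and the request body, which is the one property the field's comment promises. Two names in a non-sorted order, e.g. `groups_priority=["group2", "group1"]` with the matching `"groupsPriority": ["group2", "group1"]`, would pin it. There is also no case for the default, where the composers in sso_settings.py would send `"groupsPriority": None`; one assertion on that would record the intended wire behaviour. The test functions start and end outside these hunks.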
