From 07fac2b49466451b750e7cc97c46a40ce3ef2129 Mon Sep 17 00:00:00 2001
From: dorsha
Date: Sun, 11 Jan 2026 18:46:31 +0200
Subject: [PATCH 1/3] Add group priority support
---
 descope/management/sso_settings.py | 9 +++++++++
 descope/management/user.py | 14 ++++++++++++--
 samples/management/sso_sample_app.py | 3 +++
 tests/management/test_sso_settings.py | 8 ++++++++
 4 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/descope/management/sso_settings.py b/descope/management/sso_settings.py
index 607a1b41e..8eac7d0d4 100644
--- a/descope/management/sso_settings.py
+++ b/descope/management/sso_settings.py
@@ -92,6 +92,7 @@ def __init__(
 prompt: Optional[List[str]] = None,
 grant_type: Optional[str] = None,
 issuer: Optional[str] = None,
+ groups_priority: Optional[List[str]] = None,
 ):
 self.name = name
 self.client_id = client_id
@@ -108,6 +109,7 @@ def __init__(
 self.prompt = prompt
 self.grant_type = grant_type
 self.issuer = issuer
+ self.groups_priority = groups_priority
 class SSOSAMLSettings:
@@ -127,6 +129,7 @@ def __init__(
 # NOTICE - the following fields should be overridden only in case of SSO migration, otherwise, do not modify these fields
 sp_acs_url: Optional[str] = None,
 sp_entity_id: Optional[str] = None,
+ groups_priority: Optional[List[str]] = None,
 ):
 self.idp_url = idp_url
 self.idp_entity_id = idp_entity_id
@@ -137,6 +140,7 @@ def __init__(
 self.idp_additional_certs = idp_additional_certs
 self.sp_acs_url = sp_acs_url
 self.sp_entity_id = sp_entity_id
+ self.groups_priority = groups_priority
 class SSOSAMLSettingsByMetadata:
@@ -153,6 +157,7 @@ def __init__(
 # NOTICE - the following fields should be overridden only in case of SSO migration, otherwise, do not modify these fields
 sp_acs_url: Optional[str] = None,
 sp_entity_id: Optional[str] = None,
+ groups_priority: Optional[List[str]] = None,
 ):
 self.idp_metadata_url = idp_metadata_url
 self.attribute_mapping = attribute_mapping
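Review bot: `groups_priority` is assigned to `self.groups_priority` without any check in the OIDC constructor (first two hunks), and the two SAML constructors in the later hunks of this file do the same. A bare string such as `groups_priority="admin_group"` is therefore accepted and would be serialized as a string rather than a one-element list. The order of this list is what carries the meaning, and it presumably feeds group resolution at SSO login (not visible here), so a malformed value is better rejected on the client, for example `if isinstance(groups_priority, str): raise TypeError("groups_priority must be a list of group names")` ahead of the assignment. The `__init__` bodies start and end outside these hunks.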
@@ -160,6 +165,7 @@ def __init__(
 self.default_sso_roles = default_sso_roles
 self.sp_acs_url = sp_acs_url
 self.sp_entity_id = sp_entity_id
+ self.groups_priority = groups_priority
 class SSOSettings(HTTPBase):
@@ -516,6 +522,7 @@ def _compose_configure_oidc_settings_body(
 "prompt": settings.prompt,
 "grantType": settings.grant_type,
 "issuer": settings.issuer,
+ "groupsPriority": settings.groups_priority,
 },
 "domains": domains,
 }
@@ -547,6 +554,7 @@ def _compose_configure_saml_settings_body(
 settings.role_mappings
 ),
 "defaultSSORoles": settings.default_sso_roles,
+ "groupsPriority": settings.groups_priority,
 },
 "redirectUrl": redirect_url,
 "domains": domains,
@@ -576,6 +584,7 @@ def _compose_configure_saml_settings_by_metadata_body(
 settings.role_mappings
 ),
 "defaultSSORoles": settings.default_sso_roles,
+ "groupsPriority": settings.groups_priority,
 },
 "redirectUrl": redirect_url,
 "domains": domains,
diff --git a/descope/management/user.py b/descope/management/user.py
index 9b3ed8885..ce8a7da02 100644
--- a/descope/management/user.py
+++ b/descope/management/user.py
@@ -1082,7 +1082,12 @@ def update_email(
 """
 response = self._http.post(
 MgmtV1.user_update_email_path,
- body={"loginId": login_id, "email": email, "verified": verified, "failOnConflict": fail_on_conflict},
+ body={
+ "loginId": login_id,
+ "email": email,
+ "verified": verified,
+ "failOnConflict": fail_on_conflict,
+ },
 )
 return response.json()
@@ -1112,7 +1117,12 @@ def update_phone(
 """
 response = self._http.post(
 MgmtV1.user_update_phone_path,
- body={"loginId": login_id, "phone": phone, "verified": verified, "failOnConflict": fail_on_conflict},
+ body={
+ "loginId": login_id,
+ "phone": phone,
+ "verified": verified,
+ "failOnConflict": fail_on_conflict,
+ },
 )
 return response.json()
diff --git a/samples/management/sso_sample_app.py b/samples/management/sso_sample_app.py
index 128eea951..4109cfb45 100755
--- a/samples/management/sso_sample_app.py
+++ b/samples/management/sso_sample_app.py
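Review bot: `"groupsPriority": settings.groups_priority` is always written into the request body in `_compose_configure_oidc_settings_body`, so a caller that never sets the field now sends an explicit null, and the two SAML compose functions in the next hunks do the same. The page does not show whether the backend reads null as "leave unchanged" or as "clear the priority list". If it clears, an existing integration that re-applies its SSO settings after upgrading the SDK could reset a priority list configured elsewhere. Please state the intended semantics next to the key, for example `# None is sent as null; TODO confirm the server treats this as "not set"`, or add the key only when the value is not None. The compose functions start and end outside these hunks.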
@@ -47,6 +47,7 @@ def main():
 verified_phone="verifiedPhone",
 picture="picture",
 ),
+ groups_priority=["admin_group", "user_group"],
 )
 descope_client.mgmt.sso.configure_oidc_settings(tenant_id, settings)
 except AuthException as e:
@@ -76,6 +77,7 @@ def main():
 group="groups",
 ),
 role_mappings=[RoleMapping(groups=["grp1"], role_name="rl1")],
+ groups_priority=["admin_group", "user_group"],
 )
 descope_client.mgmt.sso.configure_saml_settings(tenant_id, settings)
 except AuthException as e:
@@ -103,6 +105,7 @@ def main():
 group="groups",
 ),
 role_mappings=[RoleMapping(groups=["grp1"], role_name="rl1")],
+ groups_priority=["admin_group", "user_group"],
 )
 descope_client.mgmt.sso.configure_saml_settings_by_metadata(
 tenant_id, settings, domains=["kuki.com"]
diff --git a/tests/management/test_sso_settings.py b/tests/management/test_sso_settings.py
index 329704b60..5e2e0a009 100644
--- a/tests/management/test_sso_settings.py
+++ b/tests/management/test_sso_settings.py
@@ -174,6 +174,7 @@ def test_configure_oidc_settings(self):
 verified_phone="verifiedPhone",
 picture="picture",
 ),
+ groups_priority=["group1"],
 ),
 ["domain.com"],
 )
@@ -216,6 +217,7 @@ def test_configure_oidc_settings(self):
 "verifiedPhone": "verifiedPhone",
 "picture": "picture",
 },
+ "groupsPriority": ["group1"],
 },
 "domains": ["domain.com"],
 },
@@ -275,6 +277,7 @@ def test_configure_saml_settings(self):
 sp_acs_url="http://spacsurl.com",
 sp_entity_id="spentityid",
 default_sso_roles=["aa", "bb"],
+ groups_priority=["group1"],
 ),
 "https://redirect.com",
 ["domain.com"],
@@ -310,6 +313,7 @@ def test_configure_saml_settings(self):
 "spACSUrl": "http://spacsurl.com",
 "spEntityId": "spentityid",
 "defaultSSORoles": ["aa", "bb"],
+ "groupsPriority": ["group1"],
 },
 "redirectUrl": "https://redirect.com",
 "domains": ["domain.com"],
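Review bot: Every updated test case passes a one-element list (`groups_priority=["group1"]`), so none of them shows that the order of the list survives serialization, which is the property this field exists for. Use at least two names in one case, e.g. `groups_priority=["group1", "group2"]` with the expected body line `"groupsPriority": ["group1", "group2"],`. Also keep one existing case without the argument so the omitted default is pinned. The same applies to the SAML, by-metadata and additional-certs cases in the later hunks of this file. The test methods start and end outside these hunks.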
@@ -361,6 +365,7 @@ def test_configure_saml_settings_by_metadata(self):
 sp_acs_url="http://spacsurl.com",
 sp_entity_id="spentityid",
 default_sso_roles=["aa", "bb"],
+ groups_priority=["group1"],
 ),
 "https://redirect.com",
 ["domain.com"],
@@ -393,6 +398,7 @@ def test_configure_saml_settings_by_metadata(self):
 "spACSUrl": "http://spacsurl.com",
 "spEntityId": "spentityid",
 "defaultSSORoles": ["aa", "bb"],
+ "groupsPriority": ["group1"],
 },
 "redirectUrl": "https://redirect.com",
 "domains": ["domain.com"],
@@ -427,6 +433,7 @@ def test_configure_saml_settings_with_additional_certs(self):
 ),
 role_mappings=[RoleMapping(groups=["grp1"], role_name="rl1")],
 default_sso_roles=["aa", "bb"],
+ groups_priority=["group1"],
 ),
 "https://redirect.com",
 ["domain.com"],
@@ -462,6 +469,7 @@ def test_configure_saml_settings_with_additional_certs(self):
 "spACSUrl": None,
 "spEntityId": None,
 "defaultSSORoles": ["aa", "bb"],
+ "groupsPriority": ["group1"],
 },
 "redirectUrl": "https://redirect.com",
 "domains": ["domain.com"],
From abc95edf5d7ec0c5d275762a1d67f7ac62098cd1 Mon Sep 17 00:00:00 2001
From: dorsha
Date: Sun, 11 Jan 2026 18:48:23 +0200
Subject: [PATCH 2/3] Add comments
---
 descope/management/sso_settings.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/descope/management/sso_settings.py b/descope/management/sso_settings.py
index 8eac7d0d4..15755590e 100644
--- a/descope/management/sso_settings.py
+++ b/descope/management/sso_settings.py
@@ -92,7 +92,7 @@ def __init__(
 prompt: Optional[List[str]] = None,
 grant_type: Optional[str] = None,
 issuer: Optional[str] = None,
- groups_priority: Optional[List[str]] = None,
+ groups_priority: Optional[List[str]] = None, # list of group names in priority order (first = highest priority)
 ):
 self.name = name
 self.client_id = client_id
@@ -126,10 +126,10 @@ def __init__(
 role_mappings: Optional[List[RoleMapping]] = None,
 default_sso_roles: Optional[List[str]] = None,
 idp_additional_certs: Optional[List[str]] = None,
+ groups_priority: Optional[List[str]] = None, # list of group names in priority order (first = highest priority)
 # NOTICE - the following fields should be overridden only in case of SSO migration, otherwise, do not modify these fields
 sp_acs_url: Optional[str] = None,
 sp_entity_id: Optional[str] = None,
- groups_priority: Optional[List[str]] = None,
 ):
 self.idp_url = idp_url
 self.idp_entity_id = idp_entity_id
@@ -154,10 +154,10 @@ def __init__(
 attribute_mapping: Optional[AttributeMapping] = None,
 role_mappings: Optional[List[RoleMapping]] = None,
 default_sso_roles: Optional[List[str]] = None,
+ groups_priority: Optional[List[str]] = None, # list of group names in priority order (first = highest priority)
 # NOTICE - the following fields should be overridden only in case of SSO migration, otherwise, do not modify these fields
 sp_acs_url: Optional[str] = None,
 sp_entity_id: Optional[str] = None,
- groups_priority: Optional[List[str]] = None,
 ):
 self.idp_metadata_url = idp_metadata_url
 self.attribute_mapping = attribute_mapping
From e5955f411ef1ff8a9fe42b1bae4974fb50581be0 Mon Sep 17 00:00:00 2001
From: dorsha
Date: Sun, 11 Jan 2026 18:49:26 +0200
Subject: [PATCH 3/3] Add comments
---
 descope/management/sso_settings.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/descope/management/sso_settings.py b/descope/management/sso_settings.py
index 15755590e..062263599 100644
--- a/descope/management/sso_settings.py
+++ b/descope/management/sso_settings.py
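Review bot: Moving `groups_priority` ahead of `sp_acs_url` and `sp_entity_id` changes the positional order of an existing public constructor, both here (the signature with `idp_additional_certs`) and in the next hunk (the by-metadata signature). A caller that passes the SP values positionally would now bind the ACS URL to `groups_priority` and the entity ID to `sp_acs_url`, with no error raised. These are the fields the NOTICE comment restricts to SSO migration, so a silent shift there is the kind of misconfiguration that is hard to spot afterwards. Keep the new parameter last, as PATCH 1/3 had it, and give it its own comment line such as `# not a migration-only field: group names in priority order (first = highest priority)` followed by `groups_priority: Optional[List[str]] = None,`. Both signatures start outside the hunks.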
@@ -92,7 +92,9 @@ def __init__(
 prompt: Optional[List[str]] = None,
 grant_type: Optional[str] = None,
 issuer: Optional[str] = None,
- groups_priority: Optional[List[str]] = None, # list of group names in priority order (first = highest priority)
+ groups_priority: Optional[
+ List[str]
+ ] = None, # list of group names in priority order (first = highest priority)
 ):
 self.name = name
 self.client_id = client_id
@@ -126,7 +128,9 @@ def __init__(
 role_mappings: Optional[List[RoleMapping]] = None,
 default_sso_roles: Optional[List[str]] = None,
 idp_additional_certs: Optional[List[str]] = None,
- groups_priority: Optional[List[str]] = None, # list of group names in priority order (first = highest priority)
+ groups_priority: Optional[
+ List[str]
+ ] = None, # list of group names in priority order (first = highest priority)
 # NOTICE - the following fields should be overridden only in case of SSO migration, otherwise, do not modify these fields
 sp_acs_url: Optional[str] = None,
 sp_entity_id: Optional[str] = None,
@@ -154,7 +158,9 @@ def __init__(
 attribute_mapping: Optional[AttributeMapping] = None,
 role_mappings: Optional[List[RoleMapping]] = None,
 default_sso_roles: Optional[List[str]] = None,
- groups_priority: Optional[List[str]] = None, # list of group names in priority order (first = highest priority)
+ groups_priority: Optional[
+ List[str]
+ ] = None, # list of group names in priority order (first = highest priority)
 # NOTICE - the following fields should be overridden only in case of SSO migration, otherwise, do not modify these fields
 sp_acs_url: Optional[str] = None,
 sp_entity_id: Optional[str] = None,
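Review bot: The trailing comment makes the line too long, so the formatter has split the annotation over three lines (`Optional[`, `List[str]`, `] = None,  # ...`) in all three hunks, which makes the parameter harder to read than its neighbours. Put the comment on its own line above the parameter so the annotation stays on one line: `# group names in priority order (first = highest priority)` followed by `groups_priority: Optional[List[str]] = None,`. In the two SAML signatures the comment then sits directly above the parameter and stays clearly separate from the NOTICE comment that follows it. The signatures start outside the hunks.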