chore(deps): update module github.com/descope/go-sdk to v0.9.4 - autoclosed

[descope]

This PR contains the following updates:

Package	Type	Update	Change
github.com/descope/go-sdk	require	minor	v0.0.0-00010101000000-000000000000 → v0.9.4

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

descope/go-sdk (github.com/descope/go-sdk)

v0.9.4

Compare Source

Breaking changes

• 🚨 Session and Refresh token split 🚨: Session validation and refresh tokens have been split in order to allow more control over session management.
  3 new functions have been added, 2 variations each (a total of 6), with a more predictable and straightforward behavior:

* `ValidateSessionWithRequest` - only validates the session - searches for session token in the request.
* `ValidateSessionWithToken` - only validates the session - receives token as input.
* `RefreshSessionWithRequest` - refreshes a session - searches for session token in the request.
* `RefreshSessionWithToken` - refreshes a session - receives token as input.
* `ValidateAndRefreshSessionWithRequest` - combines the two, validate and refresh as needed - searches for tokens in the request.
* `ValidateAndRefreshSessionWithTokens` - combines the two, validate and refresh as needed - receives tokens as input.

These function replace the following which have been removed:

* `ValidateSession` - replaced by `ValidateAndRefreshSessionWithRequest` with the change of requiring both tokens.
* `ValidateSessionTokens` - replaced by `ValidateAndRefreshSessionWithTokens` with the change of requiring both tokens.
* `RefreshSession` - replaced by `RefreshSessionWithRequest` and `RefreshSessionWithToken`, behavior remains with more consistent naming and input validation.

• 👀 Reorganization of packages 👀 : We introduces a new package for our Descope client:
  • Instead of generating the Descope client with descope.NewDescopeClient, you should now use client.New.
  • The rest of the public symbols are now under the descope package.
• User function update: Along with adding support for user attribute update actions (such as UpdateDisplayName), we also changed a few things in the existing response:
  • Create and Update user commands will now return the user object in the response, on top of user errors.
  • Status attribute is now also included in the UserResponse object (not breaking).

Enhancements

• Documentation enhancements: Multiple enhancements to our SDK documentation, including the README and some management related examples.
• Error handling: In order to make our errors as clear and convenient as possible for the Descoper, we redesigned the way they are created, experienced (on various levels) and handled. This change includes:
  • A new descope.Error object - for a unified error object from both client and server errors.
• Rate limiting: In order to maintain our stable performance, and provide a good experience to all of our customers, we added SDK and API rate limits. You can read more in our documentation.
• Cookie domain configuration: Cookie domain can now be set via the client config; this configuration will take precedence over the domain configured in the Descope console.
• Support single token in validate and refresh commands: Both sessionToken and refreshToken functions support a single token behavior:
  • If only the sessionToken is provided - default to a 'validate only' behavior (validateSession)
  • If only the refreshToken is provided - default to a 'refresh only' behavior (refreshSession)

v0.9.3

Compare Source

Breaking changes

• Rename of External ID to Login ID: In order to clarify and align the various user identifiers used in our system - we've decided to rename ExternalID to LoginID.
• Rename Tenant Association attribute: UserTenants has been renamed to AssociatedTenant. This is used in both Users and Access Keys.

Enhancements

• SCIM support 🚀 : We now support SCIM related actions, including: user updates, group updates, user creation, and more! This means you can automatically sync users in Descope with your own IdP, and not have to deal with building a custom automation around it.
• Support Access Keys management via API: Actions for Access Keys management, including: create, update, delete, load, search, deactivate and activate.
• User picture in user response: There are some providers that return the user's picture in the response. It is now also returned in the UserResponse object.

Bug fixes

• Refresh JWT parsing from cookie: In our latest release, we updated that we always include the Refresh JWT in our verification response. When working with cookies, the parsing failed and it returned an empty Refresh JWT. This was quickly found and fixed.

v0.9.2

Compare Source

Breaking changes

• Session JWT in verification response: Up until now, the Session JWT was sent in a cookie by default. We decided to change it so that
  the Descoper has the power to control whether the Session JWT is handled by the calling function or sent in a cookie (using the SessionJWTViaCookie flag).
  • By default, the Session JWT is returned to the calling function. This is because it can grow to a relatively big size (especially when using Authorization and Custom Claims).
  • Use cookie if the Session JWT is relatively small (less than 1KB); examples for the latter are available in the examples folder in this repo.
• JWT validation timeframe: As the JWT validation process is time sensitive (both for creation and expiration), we have decided to increase the difference we allow between Descope and the Descoper. It is now set to 5 seconds.

Enhancements

• Refresh JWT will always be available in verification response: We adjusted our authentication verification response to always include the Refresh JWT.
• Fixed Enchanted Link example: As mentioned in the previous release, we updated one of Enchanted Link's attribute's name, which required an update of the example it's used in.
• API to load all tenants: New API that returns a list of all the tenants in the project.
• API to load user by JWT Subject: New API that returns a user object, queried by its JWT Subject.
• Readme updates: Updated the README of the repo, to make newcomers' lives even easier than before!

v0.9.1

Compare Source

Breaking changes

• Enchanted Link attribute change: Updated the identifier attribute to linkId, to make it clearer for the Descoper to use.

Enhancements

• Key Response structure update: A v2 of the key response API; in order to support other frameworks, such as OpenID Connect, the key response's structure was updated, and keys are now a sub-attribute of keys.
  • Format in v1: [{...}]
  • Format in v2: {"keys": [{...}]}
• Support Roles via API: Actions for Role management, including: create, update, delete and loadAll.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.