v1.10.0

1.10.0 (2026-02-26)

Features

• access key custom attributes CRU (#645) (145d363)
• authz: route whoCanAccess and whatCanTargetAccess through FGA cache (#658) (e7d0b2b)
• role inheritence config for sub tenants (#648) (ae4d906)

Bug Fixes

• deps: update dependency @descope/core-js-sdk to v2.56.2 (#647) (7a2d6f3)
• deps: update dependency @descope/core-js-sdk to v2.57.0 (#650) (3b49073)
• expose SSO SAML mapping default roles (49d7a67)
• expose SSO SAML mapping default roles (49d7a67)

v1.9.1

1.9.1 (2026-01-15)

Bug Fixes

• authzNode missing type (#643) (aa69c35)

v1.9.0

1.9.0 (2026-01-07)

Features

• fga: add fgacacheurl parameter for cache proxy support (#642) (fae0133)

Bug Fixes

• support git commit -m with commitlint hook (#640) (9624dde)

v1.8.0

1.8.0 (2026-01-04)

Features

• Add token fetching methods for outbound applications (#540) (51b975f)
• descopers & management key CRUD (#613) (195d72d)

Bug Fixes

• allow array of string for multi select custom attributes (#444) (c43f7b5)
• Correct typos in README.md (#549) (9a2de85)
• deps: security upgrade express from 4.19.2 to 4.22.0 (#628) (a9ad297)
• deps: update dependency @descope/core-js-sdk to v2.44.3 (#528) (a0d51bc)
• deps: update dependency @descope/core-js-sdk to v2.44.4 (#551) (c1ace65)
• deps: update dependency @descope/core-js-sdk to v2.44.5 (#558) (105f0c9)
• deps: update dependency @descope/core-js-sdk to v2.45.0 (#559) (ed76054)
• deps: update dependency @descope/core-js-sdk to v2.46.0 (#565) (320fb99)
• deps: update dependency @descope/core-js-sdk to v2.46.1 (#566) (a3c4970)
• deps: update dependency @descope/core-js-sdk to v2.46.2 (#567) (0295559)
• deps: update dependency @descope/core-js-sdk to v2.47.0 (#571) (cd44bbe)
• deps: update dependency @descope/core-js-sdk to v2.48.0 (#572) (49faba4)
• deps: update dependency @descope/core-js-sdk to v2.49.0 (#575) (9f0e0c5)
• deps: update dependency @descope/core-js-sdk to v2.50.0 (#581) (524fbf3)
• deps: update dependency @descope/core-js-sdk to v2.50.1 (#588) (287d828)
• deps: update dependency @descope/core-js-sdk to v2.51.0 (#592) (df55f70)
• deps: update dependency @descope/core-js-sdk to v2.52.1 (#596) (22a9170)
• deps: update dependency @descope/core-js-sdk to v2.52.2 (#599) (80e0e80)
• deps: update dependency @descope/core-js-sdk to v2.53.0 (#604) (eddb32c)
• deps: update dependency @descope/core-js-sdk to v2.53.1 (#606) (c768daa)
• deps: update dependency @descope/core-js-sdk to v2.54.0 (#617) (17782c6)
• deps: update dependency @descope/core-js-sdk to v2.56.0 (#619) (f4e5df2)
• Fix jwt refresh errors when using jwts in cookies RELEASE (#535) (c61c76b)
• Issue8683 (#561) (b457c17)
• return refresh JWT (#530) (e0dad0b)
• workflows: add GitHub App token generation step (#634) (29231c6)

v1.7.21

This release improves user lifecycle handling and expands visibility into SSO provider configuration.

🚀 New Features & Enhancements

• Expired User Status Support – Added the ability to pass and handle an expired user status in user management flows (#612)
• SSO Provider ID Exposure – Exposed SSO provider IDs (#614)

---

🔗 Full Changelog: Compare v1.7.20...v1.7.21

v1.7.20

This release adds support for loading users by ID, improves attribute type flexibility, and enhances SSO flows by ensuring the user selected at the IdP matches the email provided during SSO initiation.

🚀 New Features & Enhancements

• Load Users by ID – Added the ability to retrieve users directly by their unique ID (#605)
• SSO Initiated Email Verification – Enhanced SSO flows to propagate the email provided during sso.start() into the authentication token, allowing the service provider to verify that the user selected in the IdP (SAML) matches the intended email (#1281)

🛠 Fixes & Maintenance

• Attribute Types Flexibility – Added support for null values in AttributesTypes to improve schema handling (#609)

---

🔗 Full Changelog: Compare v1.7.19...v1.7.20

v1.7.19

This release adds tenant support to management flow options and introduces role mapping configuration for OIDC apps.

🚀 New Features & Enhancements

• Tenant Support in Management Flow Options – Added a tenant field to management flow options, enabling tenant-aware management flow execution (#600)
• OIDC Role Mapping – Added role mapping support to the OIDC configuration type, allowing roles to be mapped during OIDC setup (#601)

---

🔗 Full Changelog: Compare release/v1.7.18...release/v1.7.19

v1.7.18

This release adds support for specifying the signing algorithm in client assertion generation and introduces a new test attribute on the user object.

🚀 New Features & Enhancements

• Client Assertion Algorithm Selection – Added support for specifying the signing algorithm when using generateClientAssertionJwt, allowing more flexible assertion generation (#595)
• User Object Update – Added a new test attribute to the user response (descope-js#1257)

---

🔗 Full Changelog: Compare release/v1.7.17...release/v1.7.18

v1.7.17

🚀 New Features & Enhancements

• Support Provider ID – Added the ability to pass providerId for all .sign{up,in} methods (#580

---

🔗 Full Changelog: Compare release/v1.7.14...release/v1.7.16

v1.7.16

This release adds audience claim enforcement in session validation, user batch patching, and enhanced client assertion generation with flatten audience support.

🚀 New Features & Enhancements

• Optional Audience Claim Enforcement – Introduced optional audience (aud) validation in session and JWT flows, enhancing security by allowing audience claims to be enforced during validation and refresh processes (#580)
• Batch User Patch – Support for patching multiple users in a single operation
• Flatten Audience in Client Assertions – Introduced a flattenAudience flag in client assertion generation for more flexible OAuth flows (such as SMART on FHIR) (#587)
• Expose Claims in JWT Response – Added support for exposing claims directly in the JWTResponse object (descope-js#1199)

---

🔗 Full Changelog: Compare release/v1.7.14...release/v1.7.16