fix(management): add missing endpoints for python-sdk go-sdk parity by dorsha · Pull Request #1600 · descope/python-sdk

dorsha · 2026-06-29T14:51:55Z

Fixes descope/etc#16608

Done. Here's what I did on PR #1599 (fix(management): add missing endpoints for python-sdk go-sdk parity).

Fixed all 6 review comments

File	Issue	Fix
`user.py` / `user_async.py`	🔴 raw `bytes` in JSON body → `TypeError` at runtime	base64-encode `users`/`hashes` to match go-sdk's `[]byte`→base64 marshaling
`fga.py` / `fga_async.py`	🟠 `resourcesLimit` stringified in POST body	send native `int` (left the GET query-param `str()` alone)
`test_project.py` / `test_scope_claim_mapping.py`	assert with side-effect	split awaited call out of the `assert`

I deviated from the reviewer's literal .decode("utf-8") suggestion: go-sdk passes []byte, which encoding/json marshals as base64, and that's what the backend expects — a raw UTF-8 string wouldn't match. I verified this against descope/go-sdk's user.Import and explained it in the thread reply. Updated the affected test assertions accordingly.

All 6 threads were replied to and resolved.

README (`+201 lines`)

The facade was already wired (client.mgmt.list, .scope_claim_mapping, .third_party_application), but the new endpoints were undocumented. Added docs for the three brand-new modules (Lists, Scope/Claim Mappings, Third Party Applications) plus the new methods on existing modules: project snapshots + delete, user import/custom-attributes/passkeys/trusted-devices/recovery, access-key rotate + batch, FGA mappable schema/resources, WS-Fed SSO apps + secrets, password settings, audit webhook, step-up impersonation, tenant SSO-link revoke. No TOC to keep in sync.

Verification

ruff format ✓ · ruff check ✓ · 647 management tests pass (4 warnings are pre-existing, unrelated)

⚠️ Branch note for the workflow

My changes are stacked on PR #1599's commit (41797ef7), which isn't in main. I committed to a branch that contains that base (ad79ecc6) and pointed the session branch at it. The intended target is PR #1599's branch shuni/task-20260629124512 — these commits should land there to update that PR rather than open a duplicate.

Skipped: README entries for a few niche methods with no existing section (analytics.search, sso_settings redirect-URL helpers) — add when those get dedicated sections.

Created by Shuni 🐕

Adds the 62 management endpoints exposed by the backend that the go-sdk supports but the python-sdk was missing, across sync + async: - New modules: third_party_application, lists, password, analytics, scope_claim_mapping (wired into the MGMT/MGMTAsync facades) - access_key: rotate, activate/deactivate/delete batch - user: custom attributes (create/delete/load), delete batch, import, passkey delete + list, trusted devices list/remove, recovery email/phone - sso_settings: redirect, load_all, new settings - sso_application: wsfed create/update, rotate/get secret - tenant: revoke sso configuration link - project: delete, snapshot export/import/validate - fga: mappable resources/schema, schema dry-run - jwt: impersonate step-up - audit: create audit webhook Endpoint constants added to MgmtV1; all endpoints covered by tests. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Address PR review feedback on the go-sdk parity sweep: - import_users now base64-encodes users/hashes to match go-sdk's []byte JSON marshaling (raw bytes are not JSON-serializable and would raise TypeError at runtime) - fga load_mappable_resources sends resourcesLimit as a native int in the POST body instead of a string - split awaited calls out of assert statements in delete tests - document the new management endpoints (lists, scope/claim mapping, third party applications, snapshots, user import, passkeys, trusted devices, access key rotate/batch, fga mappable, ws-fed, password settings, audit webhook, step-up impersonation) in README Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

shuni-bot-dev · 2026-06-29T14:52:00Z

🐕 Review complete — View session on Shuni Portal 🐾

shuni-bot-dev · 2026-06-29T14:52:04Z

🐕 Suggested Reviewers

The strategy focuses on recent, actively engaged contributors who have worked on files related to core management functionality, security, and SDK parity features, to ensure knowledgeable reviews across different affected modules.

Reviewer	Reason
`LioriE`	Recent contributor to core management files like `_sso_application_base.py`, `access_key.py`, and `access_key_async.py`, indicating familiarity with the codebase sections involved in this PR.
`oercnet`	Contributed to multiple management files such as `access_key.py`, `audit.py`, and the README, showing broad engagement across different modules related to access and auditing workflows.
`aviadl`	Has recent commits to key management files like `access_key.py`, `jwt.py`, and `README.md`, suggesting good familiarity with authentication and core management functionalities.
`itaihanski`	Contributed to several important management files, including `access_key.py`, `audit.py`, and `fga.py`, covering different areas of the SDK's management layer.
`guyp-descope`	Recent commits involve `access_key.py`, `audit.py`, and `jwt.py`, indicating experience with key security and token-related components relevant to the PR.

_{Suggested by Shuni based on git history and PR context. Names are not @-mentioned to avoid notifying anyone — request a review from whoever fits best.}

github-actions · 2026-06-29T15:00:49Z

Coverage report

The coverage rate went from 98.07% to 97.91% ⬇️

96.87% of new lines are covered.

Diff Coverage details (click to unfold)

descope/management/user.py

100% of new lines are covered (98.58% of the complete file).