User Management

User Identity

For each user created in your project, Descope assigns a unique ID (id) to the user. This ID can be used to identify the user in your application. This unique ID cannot be changed within the Descope UI, your application, or any API call. Descope has additional attributes in the user object, such as an email, phone, and name. The loginId is used as the identifier parameter in the different SDK/API calls (sign-in, sign-up, update, etc.) and can be an email, phone, or username. If a user is trying to sign up with loginId that already exists in the system, the accounts will be merged, and user will be logged into the existing account.

Note: If you're using phone numbers as a login ID, make sure that the phone numbers are formatted properly before adding them, if using the Management SDK or User Management APIs.

Custom User Attributes

Descope allows you to create custom attributes that can store further details about your users. You can create custom attributes within the user's page under the custom attributes tab.

Custom attributes can be of various types and store any data you want to store for the user. For example, this data could be a user's date of birth, location, etc. You can later utilize these attributes within custom claims or loaded for a user and displayed them within your application.

User Invite Flow

Descope supports the ability to invite users to your application. Before you invite users, you will need to configure the User Invitation Redirect URL within Project Settings.

You can invite users singularly or in batches from the Users page. You can invite users in batches by importing a csv or json file with user details. When you invite users via email, their email is labeled as verified. After inviting a user, the user's status will be Invited. Once the user has successfully signed into your application, the user's status will change to Active. You can reinvite users by re-adding them to the users page; once reinvited, the original invite will be invalid. When creating your users, you can add them to roles. Additionally, if your application is utilizing multi-tenant, you can associate the users to the applicable tenant(s) when you invite them.

Learn more about customizing the user invite and details about user invites within this article.

User Merging

Descope supports the merging of user accounts. Merging accounts will be based on trusted email addresses. Within the Authentication Methods page of the Descope UI, Descopers can configure the Social Auth(OAuth) logins to merge with existing users. Within each of the Social Auth(OAuth) methods, Descopers can configure the merging of the users by enabling the toggle for Merge user accounts based on returned email address from provider. If the email address returned from the Social Auth(OAuth) provider matches an existing user, the Descope service will merge the accounts based on the user's email address.

Associating Multiple Login IDs for a User

Within your application, you may have users signing up or in with an email authentication method but also utilizing other ways, which use SMS or Social Login. Descope allows these different auth methods to be nested into the same user by allowing multiple login IDs to be associated with the user. Storing multiple login IDs enables the user to log in with an email auth method, SMS auth method, and Social Login; all of the login IDs will be associated with the same user. The user can then log into your application using their email address or phone number as the login ID.

When utilizing the API or SDK, if you want to enable this feature, you will use the options AddToLoginIDs and OnMergeUseExisting. Setting the AddToLoginIDs to true will enable the additional login IDs to be associated with the user. When OnMergeUseExisting is set to false, it will merge the users based on the new user's details. When OnMergeUseExisting is set to true, it will merge the users based on the existing user's details.

If you are utilizing flows, please see our Knowledge Base Article which covers implementing this feature within flows.

You can also associate multiple login Ids by utilizing the create, batch create, invite, or update functions below passing the additional login IDs parameter.

User Lifecycle

Users within Descope can be in one of three states: Active, Inactive, or Invited. An invited user can log into your application; once logged in, they will become active. Active users can log in and interact with your application based on their assigned roles. Once a user becomes deactivated, they will no longer be able to log into your application. Deactivated users will remain in the Descope project and may be reactivated if you choose to reactivate them. If you delete a user from your Descope project, the user will no longer be able to log into your application. Deleting users will remove their user details from the Descope project.

In some cases with helping a user logout, the Descoper can force a logout on the user so they can login again. This requirement arises in situations like suspicious activity where the Descoper would want to force logout the user. This will log the user out from all the devices and sessions. This can be done by a Descoper with relevant permissions. This functionality is supported both in single-user and batch user actions. The action Force Logout comes under User Management in the Descope console. For this to be done via SDKs, see this and for Backend SDK refer to this documentation.

User's JWT Update Flow

When a user's details are updated, for example additional roles are added, or other items regarding the user's details, the JWT will automatically be updated within the user's current session.

User management using the management SDK

You can use Descope management SDK for common user management operations like create user, update user, delete user, etc... The management SDK requires a management key, which can be generated here.

Install SDK

NodeJSPythonGoJavaRuby
npm i --save @descope/node-sdk
pip3 install descope
go get github.com/descope/go-sdk
// Include the following in your `pom.xml` (for Maven)
<dependency>
    <artifactId>java-sdk</artifactId>
    <groupId>com.descope</groupId>
    <version>sdk-version</version> // Check https://github.com/descope/descope-java/releases for the latest versions
</dependency>
gem install descope

Import and initialize Management SDK

NodeJSPythonGoJavaRuby
import DescopeClient from '@descope/node-sdk';

const managementKey = "xxxx"

try{
    //  baseUrl="<URL>" // When initializing the Descope clientyou can also configure the baseUrl ex: https://auth.company.com  - this is useful when you utilize CNAME within your Descope project.
    const descopeClient = DescopeClient({ projectId: '__ProjectID__', managementKey: managementKey });
} catch (error) {
    // handle the error
    console.log("failed to initialize: " + error)
}

// Note that you can handle async operation failures and capture specific errors to customize errors.
//     An example can be found here: https://github.com/descope/node-sdk?tab=readme-ov-file#error-handling
from descope import (
    REFRESH_SESSION_TOKEN_NAME,
    SESSION_TOKEN_NAME,
    AuthException,
    DeliveryMethod,
    DescopeClient,
    AssociatedTenant,
    RoleMapping,
    AttributeMapping
)

management_key = "xxxx"

try:
    # You can configure the baseURL by setting the env variable Ex: export DESCOPE_BASE_URI="https://auth.company.com  - this is useful when you utilize CNAME within your Descope project."
    descope_client = DescopeClient(project_id='__ProjectID__', management_key=management_key)
except Exception as error:
    # handle the error
    print ("failed to initialize. Error:")
    print (error)
import "github.com/descope/go-sdk/descope"
import "github.com/descope/go-sdk/descope/client"
import "fmt"

// Utilizing the context package allows for the transmission of context capabilities like cancellation
//      signals during the function call. In cases where context is absent, the context.Background()
//      function serves as a viable alternative.
//      Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
import (
	"context"
)

managementKey = "xxxx"

// DescopeBaseURL // within the client.Config, you can also configure the baseUrl ex: https://auth.company.com  - this is useful when you utilize CNAME within your Descope project.
descopeClient, err := client.NewWithConfig(&client.Config{ProjectID:"__ProjectID__", managementKey:managementKey})
if err != nil {
    // handle the error
    log.Println("failed to initialize: " + err.Error())
}
import com.descope.client;

// Initialized after setting the DESCOPE_PROJECT_ID env var (and optionally DESCOPE_MANAGEMENT_KEY)
var descopeClient = new DescopeClient();

// ** Or directly **
var descopeClient = new DescopeClient(Config.builder()
        .projectId("__ProjectID__")
        .managementKey("management-key")
        .build());
require 'descope'


descope_client = Descope::Client.new(
  {
    project_id: '__ProjectID__',
    management_key: 'management_key'
  }
)

Create User

This operation creates a new user within the project with the details provided. Create will not send an invite. If you want to send an invite on creation, use Invite User.
NodeJSPythonGoJava
// Args:
//    loginId (str): user login_id.
//    email (str): Optional user email address.
//    phone (str): Optional user phone number.
//    displayName (str): Optional user display name.
const user = {"loginId": "email@company.com", "displayName": "Joe Person", "phone": "+15555555555", "email": "email@company.com"}
//    userTenants (List[UserTenants]): An optional list of the user's tenants, and optionally, their roles per tenant. These roles are mutually exclusive with the general `role_names`, and take precedence over them.
const userTenants = [{ tenantId: 'TestTenant', roleNames: ['TestRole'] }]
//    roleNames (List[str]): An optional list of the user's roles without tenant association. These roles are mutually exclusive with the `user_tenant` roles, which take precedence over them.
const roleNames = ["TestRole1"]
//   customAttributes (dict): Optional, set the different custom attributes values of the keys that were previously configured in Descope console app
const customAttributes = {"attribute1": "Value 1", "attribute2": "Value 2"}
//   picture (str): Optional url for user picture
const picture = "xxxx"
//   verifiedEmail (bool): Set to true for the user to be able to login with the email address.
const verifiedEmail = true // or false
//   verifiedPhone (bool): Set to true for the user to be able to login with the phone number.
const verifiedPhone = true // or false
//   additionalLoginIds (optional List[str]): An optional list of additional login IDs to associate with the user
const additionalLoginIds = ["MyUserName", "+12223334455"]

// A user must have a login ID, other fields are optional. Roles should be set directly if no tenants exist, otherwise set on a per-tenant basis.
const resp = await descopeClient.management.user.create(
  user["loginId"],
  user["email"],
  user["phone"],
  user["displayName"],
  roles,
  null, // userTenants if applicable
  customAttributes,
  null // picture if applicable,
  verifiedEmail,
  verifiedPhone,
  additionalLoginIds
);
if (!resp.ok) {
  console.log("Failed to create user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully created user.")
  console.log(resp.data)
}
# Args:
#    login_id (str): user login_id.
#    email (str): Optional user email address.
#    phone (str): Optional user phone number.
#    display_name (str): Optional user display name.
user = {"login_id": "email@company.com", "display_name": "Joe Person", "phone": "+15555555555", "email": "email@company.com"}
#    role_names (List[str]): An optional list of the user's roles without tenant association. These roles are mutually exclusive with the `user_tenant` roles, which take precedence over them.
role_names=["TestRole"]
#    user_tenants (List[UserTenants]): An optional list of the user's tenants, and optionally, their roles per tenant. These roles are mutually exclusive with the general `role_names`, and take precedence over them.
user_tenants=[AssociatedTenant("TestTenant")]
#   picture (str): Optional url for user picture
picture = "xxxx"
#   custom_attributes (dict): Optional, set the different custom attributes values of the keys that were previously configured in Descope console app
custom_attributes = {"attribute1": "Value 1", "attribute2": "Value 2"}
#   verified_email (bool): Set to true for the user to be able to login with the email address.
verified_email = true // or false
#   verifiedPhone (bool): Set to true for the user to be able to login with the phone number.
verified_phone = true // or false
#   additional_login_ids (optional List[str]): An optional list of additional login IDs to associate with the user
additional_login_ids = ["MyUserName", "+12223334455"]

# A user must have a login ID, other fields are optional. Roles should be set directly if no tenants exist, otherwise set on a per-tenant basis.
try:
  resp = descope_client.mgmt.user.create(
      login_id=user["login_id"],
      email=user["email"],
      display_name=user["display_name"],
      phone=user["phone"],
      # You can update user_tenants or role_names, not both in the same action
      # user_tenants=user_tenants,
      role_names=role_names,
      picture=picture,
      custom_attributes=custom_attributes,
      verified_email=verified_email,
      verified_phone=verified_phone,
      additional_login_ids=additional_login_ids
  )
  print ("Successfully created user.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to create user.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    loginID (str): user loginID.
loginID := "email@company.com"
//    userRequest (UserRequest): A completed descope structure with applicable details for the user
userReq := &descope.UserRequest{}
userReq.Email = "email@company.com"
userReq.Name = "Joe Person"
userReq.Roles = nil // or []string{"TestRole1","TestRole2"} however, if roles is given, Tenants should then be nil
userReq.Tenants = []*descope.AssociatedTenant{{TenantID: "TestTenant"}}
userReq.CustomAttributes = map[string]any{"attribute1": "Value 1", "attribute2": "Value 2"}
userReq.Picture = "xxxx"
VerifiedEmail := true // or false
userReq.VerifiedEmail = &VerifiedEmail
VerifiedPhone := true // or false
userReq.VerifiedPhone = &VerifiedPhone
userReq.AdditionalLoginIds = ["MyUserName", "+12223334455"]

// A user must have a login ID, other fields are optional. Roles should be set directly if no tenants exist, otherwise set on a per-tenant basis.

_, err := descopeClient.Management.User().Create(ctx, loginID, userReq)
if (err != nil){
  fmt.Println("Unable to create user: ", err)
} else {
  fmt.Println("User Successfully created.")
}
// A user must have a loginID, other fields are optional.
// Roles should be set directly if no tenants exist, otherwise set on a per-tenant basis.
UserService us = descopeClient.getManagementServices().getUserService();
try {
    us.create("email@company.com", UserRequest.builder()
            .email("email@company.com")
            .displayName("Joe Person")
            .tenants(Arrays.asList(
                AssociatedTenant.builder()
                    .tenantId("tenant-ID1")
                    .roleNames(Arrays.asList("role-name1"),
                AssociatedTenant.builder()
                    .tenantId("tenant-ID2"))))
            .additionalLoginIDs("MyUserName", "+12223334455"));
} catch (DescopeException de) {
    // Handle the error
}

Batch Create Users

This operation batch creates (optionally invites) new users within the project with the details provided. Create will not send an invite. If you want to send an invite on creation, use Invite User.
NodeJSPythonGoJava
// Args:
//    users (array of Descope Users)
//      loginId (str): user login_id.
//      email (str): Optional user email address.
//      phone (str): Optional user phone number.
//      displayName (str): Optional user display name.
//      roles (List[str]): An optional list of the user's roles without tenant association. These roles are mutually exclusive with the `user_tenant` roles, which take precedence over them.
//      userTenants (List[UserTenants]): An optional list of the user's tenants, and optionally, their roles per tenant. These roles are mutually exclusive with the general `role_names`, and take precedence over them.
//      customAttributes (dict): Optional, set the different custom attributes values of the keys that were previously configured in Descope console app
//      picture (str): Optional url for user picture
//      verifiedEmail (bool): Set to true for the user to be able to login with the email address.
//      verifiedPhone (bool): Set to true for the user to be able to login with the phone number.
//      test (bool): Set to true if creating a test user, otherwise false
//      additionalLoginIds (optional List[str]): An optional list of additional login IDs to associate with the user
const users = [
  {
    loginId: 'email2@company.com',
    email: 'email2@company.com',
    phone: '+15555555555',
    displayName: 'Joe Person',
    userTenants: [{ tenantId: 'TestTenant', roleNames: ['TestRole'] }],
    customAttributes: {"attribute1": "Value 1", "attribute2": "Value 2"},
    picture: "https://xxxx.co/img",
    verifiedEmail: true,
    verifiedPhone: true,
    test: false,
    additionalLoginIds = ["MyUserName", "+12223334455"]
  },
  {
    loginId: 'email@company.com',
    email: 'email@company.com',
    phone: '+15556667777',
    displayName: 'Desmond Copeland',
    userTenants: [{ tenantId: 'TestTenant', roleNames: ['TestRole'] }],
    customAttributes: {"attribute1": "Value 1", "attribute2": "Value 2"},
    picture: "https://xxxx.co/img",
    verifiedEmail: true,
    verifiedPhone: true,
    test: false,
    additionalLoginIds = ["MyUserName", "+12223334455"]
  }
]
//    sendMail (bool): true or false for sending invite via email
const sendMail = true
//    sendSMS (bool): true or false for sending invite via SMS
const sendSMS = false
//    inviteUrl // URL to include in user invitation for the user to sign in with
const inviteUrl = "https://company.com/sign-in"

const resp = await descopeClient.management.user.inviteBatch(
  users,
  inviteUrl,
  sendMail,
  sendSMS
);
if (!resp.ok) {
  console.log("Failed to batch create invite users.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully batch created users.")
  console.log(resp.data)
}
# Args:
#    users (array of Descope Users)
#      login_id (str): user login_id.
#      email (str): Optional user email address.
#      phone (str): Optional user phone number.
#      display_name (str): Optional user display name.
#      roles (List[str]): An optional list of the user's roles without tenant association. These roles are mutually exclusive with the `user_tenant` roles, which take precedence over them.
#      user_tenants (List[UserTenants]): An optional list of the user's tenants, and optionally, their roles per tenant. These roles are mutually exclusive with the general `role_names`, and take precedence over them.
#      custom_attributes (dict): Optional, set the different custom attributes values of the keys that were previously configured in Descope console app
#      picture (str): Optional url for user picture
#      verified_email (bool): Set to true for the user to be able to login with the email address.
#      verified_phone (bool): Set to true for the user to be able to login with the phone number.
#      test (bool): Set to true if creating a test user, otherwise false
#      additional_login_ids (optional List[str]): An optional list of additional login IDs to associate with the user
users = [
  {
    login_id: 'email2@company.com',
    email: 'email2@company.com',
    phone: '+15555555555',
    display_name: 'Joe Person',
    user_tenants: [{ tenantId: 'TestTenant', roleNames: ['TestRole'] }],
    custom_attributes: {"attribute1": "Value 1", "attribute2": "Value 2"},
    picture: "https:#xxxx.co/img",
    verified_email: true,
    verified_phone: true,
    test: false,
    additional_login_ids = ["MyUserName", "+12223334455"]
  },
  {
    login_id: 'email@company.com',
    email: 'email@company.com',
    phone: '+15556667777',
    display_name: 'Desmond Copeland',
    user_tenants: [{ tenantId: 'TestTenant', roleNames: ['TestRole'] }],
    custom_attributes: {"attribute1": "Value 1", "attribute2": "Value 2"},
    picture: "https:#xxxx.co/img",
    verified_email: true,
    verified_phone: true,
    test: false,
    additional_login_ids = ["MyUserName", "+12223334455"]
    }
]
#    invite_url # URL to include in user invitation for the user to sign in with
invite_url = "https:#company.com/sign-in"
#    send_mail (bool): true or false for sending invite via email
send_mail = true
#    send_sms (bool): true or false for sending invite via SMS
send_sms = false

try:
  resp = descope_client.mgmt.user.invite_batch(
      users=users,
      invite_url=invite_url,
      send_mail=send_mail,
      send_sms=send_sms
  )
  print ("Successfully batch invited users.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to batch invite users.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    Options (descope.InviteOptions): Invite options including URL, sendSMS and/or sendEmail
Options := &descope.InviteOptions{InviteURL: "https://company.com/signIn", sendSMS: false, sendEmail: true}
//    BatchUsers (descope.BatchUser)
BatchUsers := []*descope.BatchUser{}

VerifiedEmail := new(bool)
*VerifiedEmail = true
VerifiedPhone := new(bool)
*VerifiedPhone = false

u1 := &descope.BatchUser{}
u1.LoginID = "email2@company.com"
u1.Email = "email2@company.com"
u1.Tenants = []*descope.AssociatedTenant{{TenantID: "TestTenant"}}
u1.CustomAttributes = map[string]any{"attribute1": "Value 1", "attribute2": "Value 2"}
//u1.Picture = "xxxx"
u1.VerifiedEmail = VerifiedEmail
u1.VerifiedPhone = VerifiedPhone
u2.AdditionalLoginIds = ["MyUserName", "+12223334455"]

u2 := &descope.BatchUser{}
u2.LoginID = "email@company.com"
u2.Email = "email@company.com"
u2.Tenants = []*descope.AssociatedTenant{{TenantID: "TestTenant"}}
u2.CustomAttributes = map[string]any{"attribute1": "Value 1", "attribute2": "Value 2"}
//u1.Picture = "xxxx"
u1.VerifiedEmail = VerifiedEmail
u2.VerifiedPhone = VerifiedPhone
u2.AdditionalLoginIds = ["MyUserName", "+12223334455"]

BatchUsers = append(BatchUsers, u1, u2)
res, err := descopeClient.Management.User().InviteBatch(ctx, BatchUsers, options)
if (err != nil){
  fmt.Println("Unable to invite user: ", err)
} else {
  fmt.Println("User Successfully invited: ", res)
}
// Pending Release

Invite User

This operation creates a new user within the project with the details provided. This method also sends the invite to the user.

Note: when inviting users from the SDK, the default connector and template configured within Project Settings will be used.

NodeJSPythonGoJava
// Args:
//    loginId (str): user login_id.
//    email (str): Optional user email address.
//    phone (str): Optional user phone number.
//    displayName (str): Optional user display name.
const user = {"loginId": "email@company.com", "displayName": "Joe Person", "phone": "+", "email": "email@company.com"}
//    userTenants (List[UserTenants]): An optional list of the user's tenants, and optionally, their roles per tenant. These roles are mutually exclusive with the general `role_names`, and take precedence over them.
const userTenants = [{ tenantId: 'TestTenant', roleNames: ['TestRole'] }]
//    roleNames (List[str]): An optional list of the user's roles without tenant association. These roles are mutually exclusive with the `user_tenant` roles, which take precedence over them.
const roleNames = ["TestRole1"]
//   customAttributes (dict): Optional, set the different custom attributes values of the keys that were previously configured in Descope console app
const customAttributes = {"attribute1": "Value 1", "attribute2": "Value 2"}
//   templateOptions (dict): Optional, set different template options values of the keys
const templateOptions = {"option1": "Value 1", "option2": "Value 2"}
//   picture (str): Optional url for user picture
const picture = "xxxx"
//   verifiedEmail (bool): Set to true for the user to be able to login with the email address.
const verifiedEmail = true // or false
//   verifiedPhone (bool): Set to true for the user to be able to login with the phone number.
const verifiedPhone = true // or false
//   inviteUrl // URL to include in user invitation for the user to sign in with
const inviteUrl = "https://company.com/sign-in"
//    sendMail (bool): true or false for sending invite via email
const sendMail = true
//    sendSMS (bool): true or false for sending invite via SMS
const sendSMS = false
//   additionalLoginIds (optional List[str]): An optional list of additional login IDs to associate with the user
const additionalLoginIds = ["MyUserName", "+12223334455"]

// A user must have a login ID, other fields are optional. Roles should be set directly if no tenants exist, otherwise set on a per-tenant basis.
const resp = await descopeClient.management.user.invite(
  user["loginId"],
  user["email"],
  user["phone"],
  user["displayName"],
  roles,
  null, // userTenants if applicable
  customAttributes,
  templateOptions,
  null // picture if applicable,
  verifiedEmail,
  verifiedPhone,
  inviteUrl,
  sendMail,
  sendSMS,
  additionalLoginIds
);
if (!resp.ok) {
  console.log("Failed to invite user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully invited user.")
  console.log(resp.data)
}
# Args:
#    login_id (str): user login_id.
#    email (str): Optional user email address.
#    phone (str): Optional user phone number.
#    display_name (str): Optional user display name.
user = {"login_id": "email@company.com", "display_name": "Joe Person", "phone": "+15555555555", "email": "email@company.com"}
#    role_names (List[str]): An optional list of the user's roles without tenant association. These roles are mutually exclusive with the `user_tenant` roles, which take precedence over them.
role_names=["TestRole"]
#    user_tenants (List[UserTenants]): An optional list of the user's tenants, and optionally, their roles per tenant. These roles are mutually exclusive with the general `role_names`, and take precedence over them.
user_tenants=[AssociatedTenant("TestTenant")]
#   picture (str): Optional url for user picture
picture = "xxxx"
#   custom_attributes (dict): Optional, set the different custom attributes values of the keys that were previously configured in Descope console app
custom_attributes = {"attribute1": "Value 1", "attribute2": "Value 2"}
#   verified_email (bool): Set to true for the user to be able to login with the email address.
verified_email = true // or false
#   verifiedPhone (bool): Set to true for the user to be able to login with the phone number.
verified_phone = true // or false
#   invite_url // URL to include in user invitation for the user to sign in with
invite_url = "https://company.com/sign-in"
#   send_mail (bool): true or false for sending invite via email
send_mail = true
#   send_sms (bool): true or false for sending invite via SMS
send_sms = false
#   additional_login_ids (optional List[str]): An optional list of additional login IDs to associate with the user
additional_login_ids = ["MyUserName", "+12223334455"]

# A user must have a login ID, other fields are optional. Roles should be set directly if no tenants exist, otherwise set on a per-tenant basis.
try:
  resp = descope_client.mgmt.user.invite(
      login_id=user["login_id"],
      email=user["email"],
      display_name=user["display_name"],
      phone=user["phone"],
      # You can update user_tenants or role_names, not both in the same action
      # user_tenants=user_tenants,
      role_names=role_names,
      picture=picture,
      custom_attributes=custom_attributes,
      verified_email=verified_email,
      verified_phone=verified_phone,
      invite_url=invite_url,
      send_mail = send_mail,
      send_sms = send_sms,
      additional_login_ids=additional_login_ids
  )
  print ("Successfully invited user.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to invite user.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    loginID (str): user loginID.
loginID := "email@company.com"
//    userRequest (UserRequest): A completed descope structure with applicable details for the user
userReq := &descope.UserRequest{}
userReq.Email = "email@company.com"
userReq.Name = "Joe Person"
userReq.Roles = nil // or []string{"TestRole1","TestRole2"} however, if roles is given, Tenants should then be nil
userReq.Tenants = []*descope.AssociatedTenant{{TenantID: "TestTenant"}}
userReq.CustomAttributes = map[string]any{"attribute1": "Value 1", "attribute2": "Value 2"}
userReq.TemplateOptions = map[string]any{"option1": "Value 1", "option2": "Value 2"}
userReq.Picture = "xxxx"
VerifiedEmail := true // or false
userReq.VerifiedEmail = &VerifiedEmail
VerifiedPhone := true // or false
userReq.VerifiedPhone = &VerifiedPhone
userReq.AdditionalLoginIds = ["MyUserName", "+12223334455"]

//    invite options (&descope.InviteOptions{}): Details of the invite configuration including inviteURL
inviteOptions := &descope.InviteOptions{InviteURL: "https://company.com/signIn", sendSMS: false, sendEmail: true}
// A user must have a login ID, other fields are optional. Roles should be set directly if no tenants exist, otherwise set on a per-tenant basis.

res, err := descopeClient.Management.User().Invite(ctx, loginID, userReq, inviteOptions)
if (err != nil){
  fmt.Println("Unable to invite user: ", err)
} else {
  fmt.Println("User Successfully invited: ", res)
}
// A user must have a loginID, other fields are optional.
// Roles should be set directly if no tenants exist, otherwise set on a per-tenant basis.
UserService us = descopeClient.getManagementServices().getUserService();
// Alternatively, a user can be created and invited via an email message.
// You can configure the invite URL in the Descope console prior to using this function, or pass inviteUrl in the options parameter.
// and that an email address is provided in the information.
try {
    us.invite("email@company.com",
						UserRequest.builder()
            .email("email@company.com")
            .displayName("Joe Person")
            .tenants(Arrays.asList(
                AssociatedTenant.builder()
                    .tenantId("tenant-ID1")
                    .roleNames(Arrays.asList("role-name1"),
                AssociatedTenant.builder()
                    .tenantId("tenant-ID2")))),
						InviteOptions.builder()
						.inviteUrl("https://my-app.com/invite"),
            .sendSMS(false),
            .sendMail(true)
            .additionalLoginIDs("MyUserName", "+12223334455")
					);
} catch (DescopeException de) {
    // Handle the error
}

Update User

This operation updates an existing user with the details provided. It is important to note that all parameters are used as overrides to the existing user; empty fields will override populated fields.

NodeJSPythonGoJava
// Args:
//     loginId (str): The login_id of the user to update.
//     email (str): Optional user email address.
//     phoneNumber (str): Optional user phone number.
//     displayName (str): Optional user display name.
const user = {"loginId": "email@company.com", "displayName": "Joe Person", "phone": "+15555555555", "email": "email@company.com"}
//     userTenants (List[UserTenants]): An optional list of the user's tenants, and optionally, their roles per tenant. These roles are mutually exclusive with the general `role_names`, and take precedence over them.
const userTenants = [{ tenantId: 'TestTenant2', roleNames: ['TestRole1'] }]
//     roleNames (List[str]): An optional list of the user's roles without tenant association. These roles are mutually exclusive with the `user_tenant` roles, which take precedence over the general roles.
const roleNames = ["TestRole1", "TestRole2", "TestRole3"]
//    customAttributes: Record<string, AttributesTypes>: Update users with certain custom attributes
const customAttributes = {"mycustomattribute": "Test"}
//   picture (str): Optional url to user avatar. Leave empty to remove.
const picture = "https://example.com/picture.png"
//   verifiedEmail (bool): Set to true for the user to be able to login with the email address.
const verifiedEmail = true // or false
//   verifiedPhone (bool): Set to true for the user to be able to login with the phone number.
const verifiedPhone = true // or false
const newPhone = "+12222222222"
const newEmail = "updateEmail@email.com"
//   additionalLoginIds (optional List[str]): An optional list of additional login IDs to associate with the user
const additionalLoginIds = ["MyUserName", "+12223334455"]

const resp = await descopeClient.management.user.update(
  user["loginId"],
  newEmail,
  newPhone,
  user["displayName"],
  // You can update with userTenants or roles, not both in the same action
  roles,
  null, // userTenants,
  customAttributes,
  picture,
  verifiedEmail,
  verifiedPhone,
  additionalLoginIds
);
if (!resp.ok) {
  console.log("Failed to update user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully updated user.")
  console.log(resp.data)
}
# Args:
#     login_id (str): The login_id of the user to update.
#     email (str): Optional user email address.
#     phone (str): Optional user phone number.
#     display_name (str): Optional user display name.
user = {"login_id": "email@company.com", "display_name": "Joe Person", "phone": "+15555555555", "email": "email@company.com"}
#     role_names (List[str]): An optional list of the user's roles without tenant association. These roles are mutually exclusive with the `user_tenant` roles, which take precedence over the general roles.
#     custom_attributes: Record<string, AttributesTypes>: Updates users with certain custom attributes
custom_attributes = {"mycustomattribute": "Test"}
#     picture (str): Optional url to user avatar. Leave empty to remove.
picture = "https://example.com/picture.png"
#   verified_email (bool): Set to true for the user to be able to login with the email address.
verified_email = True # or False
#   verified_phone (bool): Set to true for the user to be able to login with the phone number.
verified_phone = True # or False
new_phone = "+12222222222"
new_email = "updateEmail@email.com"
#   additional_login_ids (optional List[str]): An optional list of additional login IDs to associate with the user
additional_login_ids = ["MyUserName", "+12223334455"]

try:
  resp = descope_client.mgmt.user.update(
    login_id=user["login_id"],
    email=new_email,
    display_name=user["display_name"],
    phone=new_phone,
    # You can update user_tenants or role_names, not both in the same action
    role_names=["TestyTester"],
    # user_tenants=[AssociatedTenant("testWithID")],
    picture=picture,
    custom_attributes=custom_attributes,
    verified_email=verified_email,
    verified_phone=verified_phone,
    additional_login_ids=additional_login_ids
  )
  print ("Successfully updated user. New user info:")
  # Display Updates
  try:
    resp = descope_client.mgmt.user.load(login_id=user["login_id"])
    print ("Successfully loaded user.")
    print(json.dumps(resp, indent=2))
  except AuthException as error:
      print ("Unable to load user after update.")
      print ("Status Code: " + str(error.status_code))
      print ("Error: " + str(error.error_message))
except AuthException as error:
  print ("Unable to update user.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    loginID (str): user loginID.
loginID := "email@company.com"
//    userRequest (UserRequest): A completed descope structure with applicable details for the user
userReq := &descope.UserRequest{}
userReq.Email = "email@company.com"
userReq.Name = "Joe Person"
userReq.Phone = "+12223334455"
userReq.Roles = nil // or []string{"TestRole1","TestRole2"} however, if roles is given, Tenants should then be nil
userReq.Tenants = []*descope.AssociatedTenant{{TenantID: "TestTenant"}}
userReq.CustomAttributes = map[string]any{"mycustomattribute": "Test"}
userReq.Picture = "https://example.com/picture.png"
VerifiedEmail := true // or false
userReq.VerifiedEmail = &VerifiedEmail
VerifiedPhone := true // or false
userReq.VerifiedPhone = &VerifiedPhone
userReq.AdditionalLoginIds = ["MyUserName", "+12223334455"]

res, err := descopeClient.Management.User().Update(ctx, loginID, userReq)
if (err != nil){
  fmt.Println("Unable to update user: ", err)
} else {
  fmt.Println("User Successfully updated", res)
}
// A user must have a loginID, other fields are optional.
UserService us = descopeClient.getManagementServices().getUserService();
// Update will override all fields as is. Use carefully.
try {
    us.update("email@company.com", UserRequest.builder()
            .email("email@company.com")
            .displayName("Joe Person")
            .tenants(Arrays.asList(
                AssociatedTenant.builder()
                    .tenantId("tenant-ID1")
                    .roleNames(Arrays.asList("role-name1"),
                AssociatedTenant.builder()
                    .tenantId("tenant-ID2"))))
            .additionalLoginIDs("MyUserName", "+12223334455"));
} catch (DescopeException de) {
    // Handle the error
}

Load Existing User Details

This operation loads the details of an existing user.

Note: Suppose you frequently load a user for a specific user detail, such as their email address or a particular custom attribute. In that case, you can save execution time and additional API/SDK calls to load the user by adding the items to the custom claim. For details on adding items to the custom claims, see this documentation.

NodeJSPythonGoJava
// Args:
//    loginId (str): The login_id of the user to be loaded.
const loginId = "xxxx"

let resp = await descopeClient.management.user.load(loginId)
if (!resp.ok) {
  console.log("Failed to load user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully loaded user.")
  console.log(resp.data)
}

// If needed, users can be loaded using the user_id as well. The response is the same as above.
const userId = "xxxx"

resp = await descopeClient.management.user.loadByUserId(userId)
if (!resp.ok) {
  console.log("Failed to load user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully loaded user.")
  console.log(resp.data)
}
# Args:
#    login_id (str): The login_id of the user to be loaded.
login_id = "xxxx"

try:
    resp = descope_client.mgmt.user.load(login_id=login_id)
    print ("Successfully loaded user.")
    print(json.dumps(resp, indent=2))
except AuthException as error:
    print ("Unable to load user.")
    print ("Status Code: " + str(error.status_code))
    print ("Error: " + str(error.error_message))

# If needed, users can be loaded using the user_id as well. The response is the same as above.
user_id = "xxxx"

try:
    user_resp = descope_client.mgmt.user.load_by_user_id(user_id=user_id)
    print ("Successfully loaded user.")
    print(json.dumps(resp, indent=2))
except AuthException as error:
    print ("Unable to load user.")
    print ("Status Code: " + str(error.status_code))
    print ("Error: " + str(error.error_message))
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    loginID (str): The loginID of the user to be loaded.
loginID := "xxxx"

res, err := descopeClient.Management.User().Load(ctx, loginID)
if (err != nil){
  fmt.Println("Unable to load user: ", err)
} else {
  fmt.Println("User Successfully loaded: ", res)
}

// If needed, users can be loaded using the userID as well. The response is the same as above.
userID = "xxxx"

res, err := descopeClient.Management.User().LoadByUserID(ctx, userID)
if (err != nil){
  fmt.Println("Unable to load user: ", err)
} else {
  fmt.Println("User Successfully loaded: ", res)
}
// A user must have a loginID, other fields are optional.
UserService us = descopeClient.getManagementServices().getUserService();
// If needed, users can be loaded using their ID as well
try {
    us.loadByUserId("<user-id>");
} catch (DescopeException de) {
    // Handle the error
}

Get User's Login History

Retrieve users' authentication history, by the given user's ids.

NodeJSPythonGoJava
// Args:
//    userIds (list[str]): user IDs to load history for.
const userIds = ["xxxx", "yyyy"]


const resp = await descopeClient.management.user.history(userIds);
if (!resp.ok) {
  console.log("Failed to load users history.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully loaded users history.")
  console.log(resp.data)
}
# Args:
#    user_ids (list[str]): user IDs to load history for.
user_ids = ["xxxx", "yyyy"]

try:
  resp = descope_client.mgmt.user.history(user_ids=user_ids)
  print ("Successfully loaded users history.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Failed to load users history.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    userIds (list[str]): user IDs to load history for.
userIds := ["xxxx", "yyyy"]

res, err := descopeClient.Management.User().History(ctx, userIds)
if (err != nil){
  fmt.Println("Failed to load users history. ", err)
} else {
  fmt.Println("Successfully loaded users history. ")
  for _, u := range res {
    fmt.Println(u)
  }
}
UserService us = descopeClient.getManagementServices().getUserService();
try {
    us.history(["xxxx", "yyyy"]);
} catch (DescopeException de) {
    // Handle the error
}

Load Existing User's Provider Token

This operation loads the user's access token generated by the OAuth/OIDC provider, using a valid management key. When querying for OAuth providers, this only applies when utilizing your own account with the provider and have selected Manage tokens from provider selected under the social auth methods.
NodeJSPythonGo
// Args:
//    loginId (str): The login_id of the user to be loaded.
const loginId = "xxxx"
//    provider (str): The provider name (google, facebook, etc')
const provider = "google"

const resp = await descopeClient.management.user.getProviderToken(loginId, provider)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to load user's provider token.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully loaded user's provider token.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login_id of the user to be loaded.
login_id = "xxxx"
#   provider (str): The provider name (google, facebook, etc')
provider = "google"

try:
  resp = descope_client.mgmt.user.get_provider_token(login_id=login_id, provider=provider)
  print ("Successfully loaded user's provider token.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to load user's provider token.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    loginID (str): The loginID of the user to be loaded.
loginID := "xxxx"
//    provider (str): The provider name (google, facebook, etc')
provider := "google"

res, err := descopeClient.Management.User().GetProviderToken(ctx, loginID, provider)
if (err != nil){
  fmt.Println("Unable to load user's provider token: ", err)
} else {
  fmt.Println("Successfully loaded user's provider token.", res)
}

Search Users

This operation returns user details based on the applicable search.

NodeJSPythonGoJava
// Args:
//  tenantIds (List[str]): Optional list of tenant IDs to filter by
const tenantIds = ["Test1", "Test2", "Test3"]
//  roleNames (List[str]): Optional list of role names to filter by
const roleNames = ["TestRole1", "TestRole2", "TestRole3"]
//  limit (int): Optional limit of the number of users returned. Leave empty for default.
const limit = 1
//   page (int): Optional pagination control. Pages start at 0 and must be non-negative.
const page = 0
//    testUsersOnly: boolean: Given true, it will only return test users.
const testUsersOnly = false
//    withTestUser: boolean: Given true, it will also return test users. False will omit test users.
const withTestUser = true
//    customAttributes: Record<string, AttributesTypes>: Searches users with certain custom attributes
const customAttributes = {"mycustomattribute": "Test"}
//    statuses (List[str]): a list of statuses to search users for, the options are: "invited", "enabled", "disabled"
const statuses = ["invited", "enabled", "disabled"]
//    emails (List[str]): Optional list of emails to search for
const emails = ["email@company.com"]
//    phones (List[str]): Optional list of phones to search for
const phones = ["+12223334444"]

// Search all users with no filter: let resp = await descopeClient.management.user.searchAll()
// Search all users with limit filter:   let resp = await descopeClient.management.user.searchAll(null, null, limit, null, null, null, null)
// Search all users with tenant filter:   let resp = await descopeClient.management.user.searchAll(tenantIds, null, null, null, null, null, null)
// Search all users with role filter:   let resp = await descopeClient.management.user.searchAll(null, roleNames, null, null, null, null, null)
// Search all users with a combination of filters:
let resp = await descopeClient.management.user.searchAll(tenantIds, roleNames, limit, page, testUsersOnly, withTestUser, customAttributes, statuses, emails, phones)
if (!resp.ok) {
  console.log("Failed to search users.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully searched users.")
  console.log(resp.data)
}
# Args:
#  tenant_ids (List[str]): Optional list of tenant IDs to filter by
tenant_ids = ["Test1", "Test2", "Test3"]
#  role_names (List[str]): Optional list of role names to filter by
role_names = ["TestRole1", "TestRole2", "TestRole3"]
#  limit (int): Optional limit of the number of users returned. Leave empty for default.
limit = 1
#   page (int): Optional pagination control. Pages start at 0 and must be non-negative.
page = 0
#   test_users_only: boolean: Given true, it will only return test users.
test_users_only = False
#   with_test_user: boolean: Given true, it will also return test users. False will omit test users.
with_test_user = True
#   custom_attributes: dict: Searches users with certain custom attributes
custom_attributes = {"mycustomattribute": "Test"}
#   statuses (List[str]): a list of statuses to search users for, the options are: "invited", "enabled", "disabled"
statuses = ["invited", "enabled", "disabled"]
#   emails (List[str]): Optional list of emails to search for
emails = ["email@company.com"]
#   phones (List[str]): Optional list of phones to search for
phones = ["+12223334444"]

try:
    # Search all users with no filter: resp = descope_client.mgmt.user.search_all()
    # Search all users with limit filter: resp = descope_client.mgmt.user.search_all(limit=limit)
    # Search all users with tenant filter: resp = descope_client.mgmt.user.search_all(tenant_ids=tenant_ids)
    # Search all users with role filter: resp = descope_client.mgmt.user.search_all(role_names=role_names)
    # Search all users with a combination of filters:
    resp = descope_client.mgmt.user.search_all(tenant_ids=tenant_ids, role_names=role_names, limit=limit, page=page, test_users_only=test_users_only, with_test_user=with_test_user, custom_attributes=custom_attributes, statuses=statuses, emails=emails, phones=phones)
    print ("Successfully searched users.")
    users = resp["users"]
    for user in users:
        print(print(json.dumps(user, indent=2)))
except AuthException as error:
    print ("Unable to search users.")
    print ("Status Code: " + str(error.status_code))
    print ("Error: " + str(error.error_message))
// Args:
// Args:
//  ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//  searchOptions: Options for searching and filtering users
//      TenantIds(List[str]): Optional list of tenant IDs to filter by
//      Roles (List[str]): Optional list of role names to filter by
//      Limit (int32): Optional limit of the number of users returned. Leave empty for default.
//      Page (int): The page parameter allow to paginate over the results. Pages start at 0 and must non-negative.
//      WithTestUsers: boolean: Given true, it will also return test users. False will omit test users.
//      TestUsersOnly: boolean: Given true, it will only return test users.
//      CustomAttributes: map[string]any: Searches users with certain custom attributes
//      Emails (List[str]): Optional list of emails to search for
//      Phones (List[str]): Optional list of phones to search for
//    Note - you can leave any of these items as nil as to not filter on them as well.

searchOptions := &descope.UserSearchOptions{
  TenantIDs: []string{"Test1", "Test2", "Test3"},
  Roles: []string{"TestRole1", "TestRole2", "TestRole3"},
  Limit: 5,
  Statuses: []descope.UserStatus{"invited", "enabled", "disabled"},
  Page: 0,
  WithTestUsers: true,
  TestUsersOnly: false,
  CustomAttributes: map[string]any{"mycustomattribute": "Test"},
  Emails: []string{"email@company.com"},
	Phones: []string{"+12223334444"}
}

res, err := descopeClient.Management.User().SearchAll(ctx, searchOptions)
if (err != nil){
  fmt.Println("Unable to search users: ", err)
} else {
  fmt.Println("Successfully searched users: ")
  for _, u := range res {
    fmt.Println(u)
  }
}
// A user must have a loginID, other fields are optional.
// Roles should be set directly if no tenants exist, otherwise set on a per-tenant basis.
UserService us = descopeClient.getManagementServices().getUserService();
// Search all users, optionally according to tenant and/or role filter
// Results can be paginated using the limit and page parameters
try {
    List<AllUsersResponsibleDetails> users = us.searchAll(UserRequest.builder()
            .tenants(Arrays.asList(
                AssociatedTenant.builder()
                    .tenantId("tenant-ID1"),
                AssociatedTenant.builder()
                    .tenantId("tenant-ID2"))));
    for (AllUsersResponsibleDetails u : users) {
        // Do something
    }
}

Update a User's Email Address

This operation allows administrators to update a user's email address.

NodeJSPythonGoJava
// Args:
//   loginId (str): The login ID of the user to update the email for.
const loginId = "xxxx"
//   email (str): The new email address for the user. Leave empty to remove.
const email = "xxxx@xxxxxx.xxx"
//   verified (bool): Set to true for the user to be able to login with the email address.
const verified = true // or false

let resp = await descopeClient.management.user.updateEmail(loginId, email, verified)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to update user's email address.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully updated user's email address.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login ID of the user to update the email for.
login_id = "xxxx"
#   email (str): The new email address for the user. Leave empty to remove.
email = "xxxx@xxxxxx.xxx"
#   verified (bool): Set to true for the user to be able to login with the email address.
verified = True # or False

try:
  resp = descope_client.mgmt.user.update_email(login_id=login_id, email=email, verified=verified)
  print ("Successfully updated user's email address.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to update user's email address.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to update the email for.
loginID := "xxxx"
//   email (str): The new email address for the user. Leave empty to remove.
email := "xxxx@xxxxxx.xxx"
//   verified (bool): Set to true for the user to be able to login with the email address.
verified := true // or false

res, err := descopeClient.Management.User().UpdateEmail(ctx, loginID, email, verified)
if (err != nil){
  fmt.Println("Unable to update user's email address: ", err)
} else {
  fmt.Println("Successfully updated user's email address: ", res)
}
// A user must have a loginID, other fields are optional.
// Roles should be set directly if no tenants exist, otherwise set on a per-tenant basis.
UserService us = descopeClient.getManagementServices().getUserService();

// Update will override all fields as is. Use carefully.
try {
    us.update("email@company.com", UserRequest.builder()
					.email("email@company.com")
					.displayName("Joe Person")
					.loginId("<login_id>")
					.phone("980-012-1234")
					.build());
} catch (DescopeException de) {
    // Handle the error
}

Update a User's Login ID

This operation allows administrators to update a user's Login ID. If you'd like to remove a login ID, provide an empty string for the new login ID.

NodeJSPythonGoJava
// Args:
//   login_id (str): The login ID of the user to update the Login ID for.
const loginId = "xxxx"
//   new_login_id (str): New login ID to set for the user.
const newLoginId = "xxxx"

const resp = await descopeClient.management.user.updateLoginId(loginId, newLoginId)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to update user's Login ID.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully updated user's Login ID.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login ID of the user to update the Login ID for.
login_id = "xxxx"
#   new_login_id (str): New login ID to set for the user.
new_login_id = "xxxx"

try:
  resp = descope_client.mgmt.user.update_login_id(login_id=login_id, new_login_id=new_login_id)
  print ("Successfully updated user's Login ID.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to update user's Login ID.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   login_id (str): The login ID of the user to update the Login ID for.
loginID := "xxxx"
//   new_login_id (str): New login ID to set for the user.
newLoginID := "xxxx"

res, err := descopeClient.Management.User().UpdateLoginID(ctx, loginID, newLoginID)
if (err != nil){
  fmt.Println("Unable to update user's Login ID: ", err)
} else {
  fmt.Println("Successfully updated user's Login ID.", res)
}
UserService us = descopeClient.getManagementServices().getUserService();

try {
    us.updateLoginId("email@company.com", "newEmail@company.com")
} catch (DescopeException de) {
    // Handle the error
}

Update a User's Phone Number

This operation allows administrators to update a user's phone number.

NodeJSPythonGoJava
// Args:
//   loginId (str): The login ID of the user to update the phone number for.
const loginId = "xxxx"
//   phone (str): The new user phone number. Leave empty to remove.
const phone = "+17777777777"
//   verified (bool): Set to true for the user to be able to login with the phone number.
const verified = true // or false

let resp = await descopeClient.management.user.updatePhone(loginId, phone, verified)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to update user's phone number.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully updated user's phone number.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login ID of the user to update the phone for.
login_id = "xxxx"
#   phone (str): The new user phone number. Leave empty to remove.
phone = "+1777777777"
#   verified (bool): Set to true for the user to be able to login with the phone number.
verified = True # or False

try:
  resp = descope_client.mgmt.user.update_phone(login_id=login_id, phone=phone, verified=verified)
  print ("Successfully updated user's phone number.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to update user's phone number.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to update the phone for.
loginID := "xxxx"
//   phone (str): The new user phone number. Leave empty to remove.
phone := "+13333333333"
//   verified (bool): Set to true for the user to be able to login with the phone number.
verified := true // or False

res, err := descopeClient.Management.User().UpdatePhone(ctx, loginID, phone, verified)
if (err != nil){
  fmt.Println("Unable to update user's phone number: ", err)
} else {
  fmt.Println("Successfully updated user's phone number: ", res)
}
// A user must have a loginID, other fields are optional.
// Roles should be set directly if no tenants exist, otherwise set on a per-tenant basis.
UserService us = descopeClient.getManagementServices().getUserService();

// Update will override all fields as is. Use carefully.
try {
    us.update("email@company.com", UserRequest.builder()
					.email("email@company.com")
					.displayName("Joe Person")
					.loginId("<login_id>")
					.phone("980-012-1234")
					.build());
} catch (DescopeException de) {
    // Handle the error
}

Update a User's Display Name

This operation allows administrators to update a user's display name.

NodeJSPythonGoJava
// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   displayName (str): Optional user display name. Leave empty to remove.
const displayName = "Updated Display Name"

let resp = await descopeClient.management.user.updateDisplayName(loginId, displayName)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to update user's display name.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully updated user's display name.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login ID of the user to update.
login_id = "xxxx"
#   display_name (str): Optional user display name. Leave empty to remove.
display_name = "Updated Display Name"

try:
  resp = descope_client.mgmt.user.update_display_name(login_id=login_id, display_name=display_name)
  print ("Successfully updated user's display name.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to update user's display name.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   displayName (str): Optional user display name. Leave empty to remove.
displayName := "Updated Display Name"

res, err := descopeClient.Management.User().UpdateDisplayName(ctx, loginID, displayName)
if (err != nil){
  fmt.Println("Unable to update user's display name: ", err)
} else {
  fmt.Println("Successfully updated user's display name: ", res)
}
// A user must have a loginID, other fields are optional.
// Roles should be set directly if no tenants exist, otherwise set on a per-tenant basis.
UserService us = descopeClient.getManagementServices().getUserService();

// Update will override all fields as is. Use carefully.
try {
    us.update("email@company.com", UserRequest.builder()
					.email("email@company.com")
					.displayName("Joe Person")
					.loginId("<login_id>")
					.phone("980-012-1234")
					.build());
} catch (DescopeException de) {
    // Handle the error
}

Update a User's Picture

This operation allows administrators to update a user's profile picture granularly without updating all user details.

NodeJSPythonGoJava
// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   picture (str): Optional url to user avatar. Leave empty to remove.
const picture = "https://example.com/picture.png"

const resp = await descopeClient.management.user.updatePicture(loginId, picture)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to update user's picture.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully updated user's picture.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login ID of the user to update.
login_id = "xxxx"
#   picture (str): Optional url to user avatar. Leave empty to remove.
picture = "https://example.com/picture.png"

try:
  resp = descope_client.mgmt.user.update_picture(login_id=login_id, picture=picture)
  print ("Successfully updated user's picture.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to update user's picture.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   picture (str): Optional url to user avatar. Leave empty to remove.
picture := "https://example.com/picture.png"

res, err := descopeClient.Management.User().UpdatePicture(ctx, loginID, picture)
if (err != nil){
  fmt.Println("Unable to update user's picture: ", err)
} else {
  fmt.Println("Successfully updated user's picture.", res)
}
// A user must have a loginID, other fields are optional.
// Roles should be set directly if no tenants exist, otherwise set on a per-tenant basis.
UserService us = descopeClient.getManagementServices().getUserService();

// Update will override all fields as is. Use carefully.
try {
    us.update("email@company.com", UserRequest.builder()
            .email("email@company.com")
            .displayName("Joe Person")
            .phone("980-012-1234")
            .picture("<string_to_picture>").build());
} catch (DescopeException de) {
    // Handle the error
}

Update a User's Custom Attributes

This operation allows administrators to update a user's custom attributes granularly without updating all user details.

NodeJSPythonGoJava
// Args:
//   loginID (str): The login ID of the user to update.
const loginId = "xxxx"
//   attributeKey: The custom attribute that needs to be updated, this attribute needs to exists in Descope console app
const attributeKey = "mycustomattribute"
//	 attributeValue (str): The value to be update
const attributeValue = "Test Value"

const resp = await descopeClient.management.user.updateCustomAttribute(loginId, attributeKey, attributeValue)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to update user's custom attribute.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully updated user's custom attribute.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login ID of the user to update.
login_id = "xxxx"
#   attribute_key: The custom attribute that needs to be updated, this attribute needs to exists in Descope console app
attribute_key = "mycustomattribute"
#	 attribute_val (str): The value to be update
attribute_val = "Test Value"

try:
  resp = descope_client.mgmt.user.update_custom_attribute(login_id=login_id, attribute_key=attribute_key, attribute_val=attribute_val)
  print ("Successfully updated user's custom attribute.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to update user's custom attribute.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   attributeKey (str): The custom attribute that needs to be updated, this attribute needs to exists in Descope console app
attributeKey := "mycustomattribute"
//	 attributeValue: The value to be update
attributeValue := "Test Value"

res, err := descopeClient.Management.User().UpdateCustomAttribute(ctx, loginID, attributeKey, attributeValue)
if (err != nil){
  fmt.Println("Unable to update user's custom attribute: ", err)
} else {
  fmt.Println("Successfully updated user's custom attribute.", res)
}
// A user must have a loginID, other fields are optional.
// Roles should be set directly if no tenants exist, otherwise set on a per-tenant basis.
UserService us = descopeClient.getManagementServices().getUserService();

// Update will override all fields as is. Use carefully.
try {
    us.update("email@company.com", UserRequest.builder()
            .email("email@company.com")
            .displayName("Joe Person")
            .phone("980-012-1234")
            .customAttributes(customAttributes)
            .picture("<string_to_picture>").build());
} catch (DescopeException de) {
    // Handle the error
}

Expire a User's Password

This operation allows administrators to expire an existing user's password. Upon next login, the user will need to follow the reset password flow.

NodeJSPythonGoJava
// Args:
//   loginId (str): The login ID of the user to expire password for.
const loginId = "xxxx"

const resp = await descopeClient.management.user.expirePassword(loginId)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to expire user's password.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully expired user's password.")
}
# Args:
#   login_id (str): The login ID of the user expire password for.
login_id = "xxxx"

try:
  resp = descope_client.mgmt.user.expire_password(login_id=login_id)
  print ("Successfully expired user's password.")
except AuthException as error:
  print ("Unable to expire user's password.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to expire password for.
loginID := "xxxx"

err := descopeClient.Management.User().ExpirePassword(ctx, loginID)
if (err != nil){
  fmt.Println("Unable to expire user's password: ", err)
} else {
  fmt.Println("Successfully expired user's password.")
}
UserService us = descopeClient.getManagementServices().getUserService();

// Set a user's password
try {
    us.expirePassword("my-custom-id");
} catch (DescopeException de) {
    // Handle the error
}

Set a Temporary User's Password

This operation allows administrators to set a temporary password for an existing user. This will require the user to change their password on next authentication.

NodeJSPythonGoJava
// Args:
//   loginId (str): The login ID of the user set password for.
const loginId = "xxxx"
//   password (str): The password to be set for the user.
const password = "xxxxx"

const resp = await descopeClient.management.user.setTemporaryPassword(loginId, password)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to set user's password.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully set user's password.")
}
# Args:
#   login_id (str): The login ID of the user set password for.
login_id = "xxxx"
#   password (str): The password to be set for the user.
password = "xxxxx"

try:
  resp = descope_client.mgmt.user.set_temporary_password(login_id=login_id, password=password)
  print ("Successfully set user's password.")
except AuthException as error:
  print ("Unable to set user's password.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to set password for.
loginID := "xxxx"
//   password (str): The password to be set for the user.
password := "xxxxx"

err := descopeClient.Management.User().SetTemporaryPassword(ctx, loginID, password)
if (err != nil){
  fmt.Println("Unable to set user's password: ", err)
} else {
  fmt.Println("Successfully set user's password.")
}
UserService us = descopeClient.getManagementServices().getUserService();

// Set a user's password
try {
    us.setPassword("my-custom-id", "some-password");
} catch (DescopeException de) {
    // Handle the error
}

Set an Active Password for User

This endpoint allows you to set an active password for an existing user. This will allow the user to authenticate with this password without changing it.

NodeJSPythonGoJava
// Args:
//   loginId (str): The login ID of the user set password for.
const loginId = "xxxx"
//   password (str): The password to be set for the user.
const password = "xxxxx"

const resp = await descopeClient.management.user.setActivePassword(loginId, password)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to set user's password.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully set user's password.")
}
# Args:
#   login_id (str): The login ID of the user set password for.
login_id = "xxxx"
#   password (str): The password to be set for the user.
password = "xxxxx"

try:
  resp = descope_client.mgmt.user.set_active_password(login_id=login_id, password=password)
  print ("Successfully set user's password.")
except AuthException as error:
  print ("Unable to set user's password.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to set password for.
loginID := "xxxx"
//   password (str): The password to be set for the user.
password := "xxxxx"

err := descopeClient.Management.User().SetActivePassword(ctx, loginID, password)
if (err != nil){
  fmt.Println("Unable to set user's password: ", err)
} else {
  fmt.Println("Successfully set user's password.")
}
// pending release

Add a Role to a User

This operation allows administrators to add roles to an existing user.

NodeJSPythonGoJava
// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   roleNames (List[str]): A list of roles to add to a user without tenant association.
const roleNames = ["TestRole1","TestRole2"]

let resp = await descopeClient.management.user.addRoles(loginId, roleNames)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to add roles to user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully added roles to user.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login ID of the user to update.
login_id = "xxxx"
#   role_names (List[str]): A list of roles to add to a user without tenant association.
role_names = ["TestRole1", "TestRole2", "TestRole3"]

try:
  resp = descope_client.mgmt.user.add_roles(login_id=login_id, role_names=role_names)
  print ("Successfully updated user's roles.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to update user's roles.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   roleNames (List[str]): A list of roles to add to a user without tenant association.
roleNames := []string{"TestRole1","TestRole2"}

res, err := descopeClient.Management.User().AddRoles(ctx, loginID, roleNames)
if (err != nil){
  fmt.Println("Unable to add roles to user: ", err)
} else {
  fmt.Println("Successfully added roles to user: ", res)
}
UserService us = descopeClient.getManagementServices().getUserService();

List<String> roles = Arrays.asList("My Updated Permission");
/**
 * Add roles for a user without tenant association. Use AddTenantRoles for users that are part of
 * a multi-tenant project.
 *
 * @param loginId The loginID is required.
 * @param roles User Roles
 * @return {@link UserResponseDetails UserResponseDetails}
 * @throws DescopeException If there occurs any exception, a subtype of this exception will be
 *     thrown.
 */
us.addRoles("<login_id>", roles);

Set Roles for a User

This endpoint allows you to set a user's roles. This will override the current roles associated to the user and will set all passed roles.

NodeJSPythonGoJava
// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   roles (List[str]): A list of roles to set for a user without tenant association.
const roles = ["TestRole1","TestRole2"]

let resp = await descopeClient.management.user.setRoles(loginId, roles)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to set roles to user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully set roles to user.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login ID of the user to update.
login_id = "xxxx"
#   roles (List[str]): A list of roles to set for a user without tenant association.
roles = ["TestRole1", "TestRole2", "TestRole3"]

try:
  resp = descope_client.mgmt.user.set_roles(login_id=login_id, roles=roles)
  print ("Successfully set user's roles.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to set user's roles.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   roles (List[str]): A list of roles to set for a user without tenant association.
roles := []string{"TestRole1","TestRole2"}

res, err := descopeClient.Management.User().SetRoles(ctx, loginID, roles)
if (err != nil){
  fmt.Println("Unable to set roles to user: ", err)
} else {
  fmt.Println("Successfully set roles to user: ", res)
}
UserService us = descopeClient.getManagementServices().getUserService();

List<String> roles = Arrays.asList("TestRole1","TestRole2");
/**
 * Add roles for a user without tenant association. Use AddTenantRoles for users that are part of
 * a multi-tenant project.
 *
 * @param loginId The loginID is required.
 * @param roles User Roles
 * @return {@link UserResponseDetails UserResponseDetails}
 * @throws DescopeException If there occurs any exception, a subtype of this exception will be
 *     thrown.
 */
us.setRoles("<login_id>", roles);

Remove a Role from a User

This operation allows administrators to remove roles from an existing user.

NodeJSPythonGoJava
// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   roleNames (List[str]): A list of roles to remove from a user without tenant association.
const roleNames = ["TestRole1","TestRole2"]

let resp = await descopeClient.management.user.removeRoles(loginId, roleNames)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to remove roles from user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully removed roles from user.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login ID of the user to update.
login_id = "xxxx"
#   role_names (List[str]): A list of roles to remove from a user without tenant association.
role_names = ["TestRole1", "TestRole2", "TestRole3"]

try:
  resp = descope_client.mgmt.user.remove_roles(login_id=login_id, role_names=role_names)
  print ("Successfully updated user's roles.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to update user's roles.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   roleNames (List[str]): A list of roles to remove from a user without tenant association.
roleNames := []string{"TestRole1","TestRole2"}

res, err := descopeClient.Management.User().RemoveRoles(ctx, loginID, roleNames)
if (err != nil){
  fmt.Println("Unable to remove roles from user: ", err)
} else {
  fmt.Println("Successfully removed roles from user: ", res)
}
UserService us = descopeClient.getManagementServices().getUserService();

List<String> roles = Arrays.asList("My Updated Permission");
/**
 * Remove roles from a user without tenant association.
 *
 * @param loginId The loginID is required.
 * @param roles Use RemoveTenantRoles for users that are part of a multi-tenant project.
 * @return {@link UserResponseDetails UserResponseDetails}
 * @throws DescopeException If there occurs any exception, a subtype of this exception will be
 *     thrown.
 */
us.removeRoles("<login_id>", roles);

Add a Tenant to a User

This operation allows administrators to add tenants to an existing user.

NodeJSPythonGoJava
// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   tenantId (str): The ID of the tenant to add to the user.
const tenantId = "TestTenant"

let resp = await descopeClient.management.user.addTenant(loginId, tenantId)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to add tenant to user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully added tenant to user.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login ID of the user to update.
login_id = "xxxx"
#   tenant_id (str): The ID of the tenant to add to the user.
tenant_id = "TestTenant"

try:
  resp = descope_client.mgmt.user.add_tenant(login_id=login_id, tenant_id=tenant_id)
  print ("Successfully added tenant to user.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to add tenant to user.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   tenantID (str): The ID of the tenant to add to the user.
tenantID := "TestTenant"

res, err := descopeClient.Management.User().AddTenant(ctx, loginID, tenantID)
if (err != nil){
  fmt.Println("Unable to add tenant to user: ", err)
} else {
  fmt.Println("Successfully added tenant to user: ", res)
}
UserService us = descopeClient.getManagementServices().getUserService();

List<String> roles = Arrays.asList("My Updated Permission");
/**
 * Add a tenant association for an existing user.
 *
 * @param loginId The loginID is required.
 * @param tenantId Tenant ID
 * @return {@link UserResponseDetails UserResponseDetails}
 * @throws DescopeException If there occurs any exception, a subtype of this exception will be
 *     thrown.
 */
us.addTenant("<login_id>", "<tenant_id>");

Remove a Tenant from a User

This operation allows administrators to remove tenants from an existing user.

NodeJSPythonGoJava
// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   tenantId (str): The ID of the tenant to remove from the user.
const tenantId = "TestTenant"

let resp = await descopeClient.management.user.removeTenant(loginId, tenantId)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to remove tenant from user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully removed tenant from user.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login ID of the user to update.
login_id = "xxxx"
#   tenant_id (str): The ID of the tenant to add to the user.
tenant_id = "TestTenant"

try:
  resp = descope_client.mgmt.user.remove_tenant(login_id=login_id, tenant_id=tenant_id)
  print ("Successfully removed tenant from user.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to remove tenant from user.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   tenantID (str): The ID of the tenant to add to the user.
tenantID := "TestTenant"

res, err := descopeClient.Management.User().RemoveTenant(ctx, loginID, tenantID)
if (err != nil){
  fmt.Println("Unable to remove tenant from user: ", err)
} else {
  fmt.Println("Successfully removed tenant from user: ", res)
}
UserService us = descopeClient.getManagementServices().getUserService();

/**
 * Remove a tenant association from an existing user.
 *
 * @param loginId The loginID is required.
 * @param tenantId Tenant ID
 * @return {@link UserResponseDetails UserResponseDetails}
 * @throws DescopeException If there occurs any exception, a subtype of this exception will be
 *     thrown.
 */
us.removeTenant("<login_id>", "<tenant_id>");

Add Roles to a User in a Specific Tenant

This operation allows administrators to add roles to a user within a specific tenant.

NodeJSPythonGoJava
// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   tenantId (str): The ID of the user's tenant.
const tenantId = "TestTenant"
//   roleNames (List[str]): A list of roles to add to the user.
const roleNames = ["TestRole1","TestRole2"]

let resp = await descopeClient.management.user.addTenantRoles(loginId, tenantId, roleNames)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to add roles to the user in the specified tenant.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully added roles to the user in the specified tenant.")
  console.log(resp.data)
}
#  Args:
#   login_id (str): The login ID of the user to update.
login_id = "xxxx"
#   tenant_id (str): The ID of the user's tenant.
tenant_id = "TestTenant"
#   role_names (List[str]): A list of roles to add to the user.
role_names = ["TestRole1", "TestRole2", "TestRole3"]

try:
  resp = descope_client.mgmt.user.add_tenant_roles(login_id=login_id, tenant_id=tenant_id, role_names=role_names)
  print ("Successfully added roles to the user in the specified tenant.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to add roles to the user in the specified tenant.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   tenantID (str): The ID of the user's tenant.
tenantID := "TestTenant"
//   roleNames (List[str]): A list of roles to add to the user.
roleNames := []string{"TestRole1","TestRole2"}

res, err := descopeClient.Management.User().AddTenantRoles(ctx, loginID, tenantID, roleNames)
if (err != nil){
  fmt.Println("Unable to add roles to the user in the specified tenant: ", err)
} else {
  fmt.Println("Successfully added roles to the user in the specified tenant: ", res)
}
UserService us = descopeClient.getManagementServices().getUserService();
List<String> roles = Arrays.asList("My Updated Permission");

/**
 * Add roles for a user in a specific tenant.
 *
 * @param loginId The loginID is required.
 * @param tenantId Tenant ID
 * @param roles Tenant Roles
 * @return {@link UserResponseDetails UserResponseDetails}
 * @throws DescopeException If there occurs any exception, a subtype of this exception will be
 *     thrown.
 */
us.addTenantRoles("<login_id>", "<tenant_id>", roles);

Set Roles for a User in a Specific Tenant

This operation allows administrators to set roles to a user within a specific tenant. This will override the current roles associated to the user for the tenant and will set all passed roles.

NodeJSPythonGoJava
// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   tenantId (str): The ID of the user's tenant.
const tenantId = "TestTenant"
//   roles (List[str]): A list of roles to set for the user.
const roles = ["TestRole1","TestRole2"]

let resp = await descopeClient.management.user.setTenantRoles(loginId, tenantId, roles)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to set roles to the user in the specified tenant.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully set roles to the user in the specified tenant.")
  console.log(resp.data)
}
#  Args:
#   login_id (str): The login ID of the user to update.
login_id = "xxxx"
#   tenant_id (str): The ID of the user's tenant.
tenant_id = "TestTenant"
#   roles (List[str]): A list of roles to set for the user.
roles = ["TestRole1", "TestRole2", "TestRole3"]

try:
  resp = descope_client.mgmt.user.set_tenant_roles(login_id=login_id, tenant_id=tenant_id, roles=roles)
  print ("Successfully set roles to the user in the specified tenant.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to set roles to the user in the specified tenant.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   tenantID (str): The ID of the user's tenant.
tenantID := "TestTenant"
//   roles (List[str]): A list of roles to set for the user.
roles := []string{"TestRole1","TestRole2"}

res, err := descopeClient.Management.User().SetTenantRoles(ctx, loginID, tenantID, roles)
if (err != nil){
  fmt.Println("Unable to set roles to the user in the specified tenant: ", err)
} else {
  fmt.Println("Successfully set roles to the user in the specified tenant: ", res)
}
UserService us = descopeClient.getManagementServices().getUserService();
List<String> roles = Arrays.asList("TestRole1","TestRole2");

/**
 * Add roles for a user in a specific tenant.
 *
 * @param loginId The loginID is required.
 * @param tenantId Tenant ID
 * @param roles Tenant Roles
 * @return {@link UserResponseDetails UserResponseDetails}
 * @throws DescopeException If there occurs any exception, a subtype of this exception will be
 *     thrown.
 */
us.setTenantRoles("<login_id>", "<tenant_id>", roles);

Remove Roles from a User in a Specific Tenant

This operation allows administrators to remove roles from a user within a specific tenant.

NodeJSPythonGoJava
// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   tenantId (str): The ID of the user's tenant.
const tenantId = "TestTenant"
//   roleNames (List[str]): A list of roles to remove from the user.
const roleNames = ["TestRole1","TestRole2"]

let resp = await descopeClient.management.user.removeTenantRoles(loginId, tenantId, roleNames)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to remove roles from the user in the specified tenant.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully removed roles from the user in the specified tenant.")
  console.log(resp.data)
}
# Args:
# login_id (str): The login ID of the user to update.
login_id = "xxxx"
# tenant_id (str): The ID of the user's tenant.
tenant_id = "TestTenant"
# role_names (List[str]): A list of roles to remove from the user.
role_names = ["TestRole1", "TestRole2", "TestRole3"]

try:
  resp = descope_client.mgmt.user.remove_tenant_roles(login_id=login_id, tenant_id=tenant_id, role_names=role_names)
  print ("Successfully removed roles from the user in the specified tenant.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to remove roles from the user in the specified tenant.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   tenantID (str): The ID of the user's tenant.
tenantID := "TestTenant"
//   roleNames (List[str]): A list of roles to remove from the user.
roleNames := []string{"TestRole1","TestRole2"}

res, err := descopeClient.Management.User().RemoveTenantRoles(ctx, loginID, tenantID, roleNames)
if (err != nil){
  fmt.Println("Unable to remove roles from the user in the specified tenant: ", err)
} else {
  fmt.Println("Successfully removed roles from the user in the specified tenant: ", res)
}
UserService us = descopeClient.getManagementServices().getUserService();
List<String> roles = Arrays.asList("My Updated Permission");

/**
 * Add roles for a user in a specific tenant.
 *
 * @param loginId The loginID is required.
 * @param tenantId Tenant ID
 * @param roles Tenant Roles
 * @return {@link UserResponseDetails UserResponseDetails}
 * @throws DescopeException If there occurs any exception, a subtype of this exception will be
 *     thrown.
 */
us.removeTenantRoles("<login_id>", "<tenant_id>", roles);

Associate an Application to a User

This operation allows administrators to associate an Application with a user.

NodeJSPythonGoJava
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   ssoAppIds (array(str)): The IDs of the sso apps to add to the user.
ssoAppIds = ["app1", "app2"]

let resp = await descopeClient.management.user.addSSOapps(loginId, ssoAppIds)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to add sso apps to user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully added sso apps to user.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login ID of the user to update.
login_id = "xxxx"
#   sso_ids (array(str)): The IDs of the sso apps to add to the user.
sso_ids = ["appId1", "appId2"]

try:
  user = descope_client.mgmt.user.set_sso_apps(
	        login_id=loginId,
	        sso_app_ids=sso_ids
        )

  print ("Successfully added sso apps to user.")
except AuthException as error:
  print ("Unable to add sso apps to user.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   ssoAppIds (array(str)): The IDs of the sso apps to add to the user.
ssoAppIds = []string{"appId3"}

user, err := descopeClient.Management.User().AddSSOApps(context.Background(), "desmond@descope.com", ssoAppIds)
if (err != nil){
  fmt.Println("Unable to add sso apps to user: ", err)
} else {
  fmt.Println("Successfully added sso apps to user: ", user)
}
UserService us = descopeClient.getManagementServices().getUserService();
List<String> ssoAppIds = Arrays.asList("appId1", "appId2");

us.addSsoApps("<login_id>", ssoAppIds);

Set Applications for user

This operation allows administrators to set Applications associated to a user. This will override the current Application associated to the user for the user and set all passed Applications.

NodeJSPythonGoJava
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   ssoAppIds (array(str)): The IDs of the sso apps to add to the user.
ssoAppIds = ["app1", "app2"]

let resp = await descopeClient.management.user.setSSOapps(loginId, ssoAppIds)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to set sso apps to user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully set sso apps to user.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login ID of the user to update.
login_id = "xxxx"
#   sso_ids (array(str)): The IDs of the sso apps to add to the user.
sso_ids = ["appId1", "appId2"]

try:
  user = descope_client.mgmt.user.set_sso_apps(
	        login_id=loginId,
	        sso_app_ids=sso_ids
        )

  print ("Successfully set sso apps to user.")
except AuthException as error:
  print ("Unable to set tenant to user.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   ssoAppIds (array(str)): The IDs of the sso apps to add to the user.
ssoAppIds = []string{"appId3"}

user, err := descopeClient.Management.User().SetSSOApps(context.Background(), "desmond@descope.com", ssoAppIds)
if (err != nil){
  fmt.Println("Unable to set sso apps to user: ", err)
} else {
  fmt.Println("Successfully set sso apps to user: ", user)
}
UserService us = descopeClient.getManagementServices().getUserService();
List<String> ssoAppIds = Arrays.asList("appId1", "appId2");

us.setSsoApps("<login_id>", ssoAppIds);

Remove an Application from a User

This operation allows administrators to remove an Application from being associated with a user.

NodeJSPythonGoJava
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   ssoAppIds (array(str)): The IDs of the sso apps to add to the user.
ssoAppIds = ["app1", "app2"]

let resp = await descopeClient.management.user.removeSSOapps(loginId, ssoAppIds)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to remove sso apps to user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully removed sso apps to user.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login ID of the user to update.
login_id = "xxxx"
#   sso_ids (array(str)): The IDs of the sso apps to remove to the user.
sso_ids = ["appId1", "appId2"]

try:
  user = descope_client.mgmt.user.remove_sso_apps(
	        login_id=loginId,
	        sso_app_ids=sso_ids
        )

  print ("Successfully removed sso apps from user.")
except AuthException as error:
  print ("Unable to remove sso apps from user.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   sso_ids (array(str)): The IDs of the sso apps to remove from the user.
ssoAppIds = []string{"appId3"}

user, err := descopeClient.Management.User().RemoveSSOApps(context.Background(), "desmond@descope.com", ssoAppIds)
if (err != nil){
  fmt.Println("Unable to add sso apps to user: ", err)
} else {
  fmt.Println("Successfully removed sso app from user: ", user)
}
UserService us = descopeClient.getManagementServices().getUserService();
List<String> ssoAppIds = Arrays.asList("appId1", "appId2");

us.removeSsoApps("<login_id>", ssoAppIds);

Activate User

This operation allows administrators to activate an existing user.

NodeJSPythonGoJava
// Args:
//  loginId (str): The login ID of the user to be activated.
const loginId = "xxxx"

let resp = await descopeClient.management.user.activate(loginId)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to activate user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully activated user.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login ID of the user to be activated.
login_id = "xxxx"

try:
  resp = descope_client.mgmt.user.activate(login_id=login_id)
  print ("Successfully activated user.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to activate user.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//   loginID (str): The login ID of the user to be activated.
loginID := "xxxx"

res, err := descopeClient.Management.User().Activate(ctx, loginID)
if (err != nil){
  fmt.Println("Unable to activate user: ", err)
} else {
  fmt.Println("User successfully activated", res)
}
UserService us = descopeClient.getManagementServices().getUserService();
/**
 * Activate an existing user.
 *
 * @param loginId The loginID is required.
 * @return {@link UserResponseDetails UserResponseDetails}
 * @throws DescopeException If there occurs any exception, a subtype of this exception will be
 *     thrown.
 */
  us.activate("<login_id>");

Deactivate User

This operation allows administrators to deactivate an existing user.

NodeJSPythonGoJava
// Args:
//  loginId (str): The login ID of the user to be deactivated.
const loginId = "xxxx"

let resp = await descopeClient.management.user.deactivate(loginId)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to deactivate user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully deactivated user.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login ID of the user to be deactivated.
login_id = "xxxx"

try:
  resp = descope_client.mgmt.user.deactivate(login_id=login_id)
  print ("Successfully deactivated user.")
  print(json.dumps(resp, indent=2))
except AuthException as error:
  print ("Unable to deactivate user.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//  ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//  loginID (str): The login ID of the user to be deactivated.
loginID := "xxxx"

res, err := descopeClient.Management.User().Deactivate(ctx, loginID)
if (err != nil){
  fmt.Println("Unable to deactivate user: ", err)
} else {
  fmt.Println("User successfully deactivated", res)
}
UserService us = descopeClient.getManagementServices().getUserService();
/**
   * Deactivate an existing user.
   *
   * @param loginId The loginID is required.
   * @return {@link UserResponseDetails UserResponseDetails}
   * @throws DescopeException If there occurs any exception, a subtype of this exception will be
   *     thrown.
   */
  us.deactivate("<login_id>");

Logout All User Sessions

This operation allows administrators to log an existing user out of all sessions. This operation can be done via loginId or userId.

NodeJSPythonGoJava
// Args:
//    loginId (str): The loginId of the user to be logged out.
const loginId = "email@company.com"

const resp = await descopeClient.management.user.logoutUser(loginId);
if (!resp.ok) {
  console.log("Failed to logout user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully logged user out.")
}

// Args:
//    userId (str): The userId of the user to be logged out.
const userId = "email@company.com"

const resp = await descopeClient.management.user.logoutUserByUserId(userId);
if (!resp.ok) {
  console.log("Failed to logout user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully logged user out.")
}
# Args:
#   login_id (str): The login_id of the user that's to be logged out.
login_id = "xxxxx"

try:
  resp = descope_client.mgmt.user.logout_user(login_id=login_id)
  print("Successfully logged user out.")
except AuthException as error:
  print ("Failed to logout user.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))

# Args:
#   user_id (str): The user_id of the user that's to be logged out.
user_id = "xxxxx"

try:
  resp = descope_client.mgmt.user.logout_user_by_user_id(user_id=user_id)
  print("Successfully logged user out.")
except AuthException as error:
  print ("Failed to logout user.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    loginID (str): The loginID of the user to be logged out.
loginID := "email@company.com"

err := descopeClient.Management.User().LogoutUser(ctx, loginID)
if (err != nil){
  fmt.Println("Failed to logout user.", err)
} else {
  fmt.Println("Successfully logged user out.")
}

// Args:
//    userID (str): The userID of the user to be logged out.
userID := "email@company.com"

err := descopeClient.Management.User().LogoutUserByUserID(ctx, userID)
if (err != nil){
  fmt.Println("Failed to logout user.", err)
} else {
  fmt.Println("Successfully logged user out.")
}
UserService us = descopeClient.getManagementServices().getUserService();

us.logoutUser("<loginId>");

us.logoutUserByUserId("<userId>");

Delete User's Passkeys

This operation will delete all existing passkeys for a user.

NodeJSPythonGoJava
// Args:
//    loginId (str): The loginId of the user to be remove passkeys for.
const loginId = "email@company.com"

const resp = await descopeClient.management.user.removeAllPasskeys(loginId);
if (!resp.ok) {
  console.log("Failed to remove user's passkeys.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully removed user's passkeys.")
}
# Args:
#   login_id (str): The login_id of the user to be remove passkeys for.
login_id = "xxxxx"

try:
  resp = descope_client.mgmt.user.remove_all_passkeys(login_id=login_id)
  print("Successfully removed user's passkeys.")
except AuthException as error:
  print ("Failed to remove user's passkeys.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    loginID (str): The loginID of the user to be remove passkeys for.
loginID: = "email@company.com"

err := descopeClient.Management.User().RemoveAllPasskeys(ctx, userID)
if (err != nil){
  fmt.Println("Failed to remove user's passkeys.", err)
} else {
  fmt.Println("Successfully removed user's passkeys.")
}
// Pending release

Delete User

This operation allows administrators to delete an existing user. It is important to note that this operation is irreversible and the user will be removed and will not be able to be added back without recreation.

NodeJSPythonGoJava
// Args:
//    loginId (str): The loginId of the user to be deleted.
const loginId = "email@company.com"

const resp = await descopeClient.management.user.delete(loginId);
if (!resp.ok) {
  console.log("Failed to delete user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully deleted user.")
  console.log(resp.data)
}
# Args:
#   login_id (str): The login_id of the user that's to be deleted.
login_id = "xxxxx"

try:
  resp = descope_client.mgmt.user.delete(login_id=login_id)
  print("Successfully deleted user.")
except AuthException as error:
  print ("Failed to delete user.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    loginID (str): The loginID of the user to be deleted.
loginID: = "email@company.com"

err := descopeClient.Management.User().Delete(ctx, loginID)
if (err != nil){
  fmt.Println("Unable to delete user: ", err)
} else {
  fmt.Println("User Successfully deleted")
}
UserService us = descopeClient.getManagementServices().getUserService();
/**
  * Delete an existing user.
  *
  * <p>IMPORTANT: This action is irreversible. Use carefully.
  *
  * @param loginId The loginID is required.
  * @throws DescopeException If there occurs any exception, a subtype of this exception will be
  *     thrown.
  */
us.delete("<loginId>");

Impersonate User

This operation allows administrators to impersonate an existing user. The impersonator user must have the impersonation permission in order for this request to work. The response would be a refresh JWT of the impersonated user.

NodeJSPythonGo
// Args:
// loginId (str): The loginId of the user to be deleted.
// imersonatorId (str): The login_id of the user that's to be impersonated.
// validateConsent (boolean): Whether to check if the user to be impersonated has given consent
const updatedJWTRes = await descopeClient.management.jwt.impersonate(
  'impersonator-id',
  'login-id',
  true,
);
# Args:
#   login_id (str): The login_id of the user that's to be impersonating.
#   imersonator_id (str): The login_id of the user that's to be impersonated.
#   validate_consent (boolean): Whether to check if the user to be impersonated has given consent
refresh_jwt = descope_client.mgmt.jwt.impersonate(
    impersonator_id="<Login ID impersonator>",
    login_id="<Login ID of impersonated person>",
    validate_consent=True
)
// Args:
//   ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    loginID (str): The loginID of the user to be deleted.
//   imersonator_id (str): The login_id of the user that's to be impersonated.
//   validate_consent (boolean): Whether to check if the user to be impersonated has given consent
refreshJWT, err := descopeClient.Management.JWT().Impersonate(ctx, "impersonator id", "login id", true)
if err != nil {
    // handle error
}