Support Descoper & Mgmt Key methods

README.md

@@ -84,6 +84,8 @@ These sections show how to use the SDK to perform permission and user management
 14. [Manage Project](#manage-project)
 15. [Manage SSO Applications](#manage-sso-applications)
 16. [Manage Outbound Applications](#manage-outbound-applications)
+17. [Manage Descopers](#manage-descopers)
+18. [Manage Management Keys](#manage-management-keys)
 
 If you wish to run any of our code samples and play with them, check out our [Code Examples](#code-examples) section.
 
@@ -1565,6 +1567,141 @@ latest_tenant_token = descope_client.mgmt.outbound_application_by_token.fetch_te
 )
 ```
 
+### Manage Descopers
+
+You can create, update, delete, load or list Descopers (users who have access to the Descope console):
+
+```python
+from descope import (
+    DescoperAttributes,
+    DescoperCreate,
+    DescoperProjectRole,
+    DescoperRBAC,
+    DescoperRole,
+)
+
+# Create a new Descoper
+resp = descope_client.mgmt.descoper.create(
+    descopers=[
+        DescoperCreate(
+            login_id="[email protected]",
+            attributes=DescoperAttributes(
+                display_name="John Doe",
+                email="[email protected]",
+                phone="+1234567890",
+            ),
+            send_invite=True,  # Send an invitation email
+            rbac=DescoperRBAC(
+                is_company_admin=False,
+                projects=[
+                    DescoperProjectRole(
+                        project_ids=["project-id-1"],
+                        role=DescoperRole.ADMIN,
+                    )
+                ],
+            ),
+        )
+    ]
+)
+descopers = resp["descopers"]
+total = resp["total"]
+
+# Load a Descoper by ID
+resp = descope_client.mgmt.descoper.load("descoper-id")
+descoper = resp["descoper"]
+
+# Update a Descoper's attributes and/or RBAC
+# Note: All fields that are set will override existing values
+resp = descope_client.mgmt.descoper.update(
+    id="descoper-id",
+    attributes=DescoperAttributes(
+        display_name="Updated Name",
+    ),
+    rbac=DescoperRBAC(
+        is_company_admin=True,
+    ),
+)
+updated_descoper = resp["descoper"]
+
+# List all Descopers
+resp = descope_client.mgmt.descoper.list()
+descopers = resp["descopers"]
+total = resp["total"]
+for descoper in descopers:
+    # Do something
+
+# Delete a Descoper
+# Descoper deletion cannot be undone. Use carefully.
+descope_client.mgmt.descoper.delete("descoper-id")
+```
+
+### Manage Management Keys
+
+You can create, update, delete, load or search management keys:
+
+```python
+from descope import (
+    MgmtKeyReBac,
+    MgmtKeyProjectRole,
+    MgmtKeyTagRole,
+    MgmtKeyStatus,
+)
+
+# Create a new management key with RBAC configuration
+# The rebac parameter defines the key's access permissions
+rebac = MgmtKeyReBac(
+    company_roles=["company-full-access"],  # Company-level roles
+    project_roles=[  # Project-specific roles
+        MgmtKeyProjectRole(
+            project_ids=["project-id-1", "project-id-2"],
+            roles=["project-admin"]
+        )
+    ],
+    tag_roles=[  # Tag-based roles
+        MgmtKeyTagRole(
+            tags=["production"],
+            roles=["read-only"]
+        )
+    ],
+)
+
+create_resp = descope_client.mgmt.management_key.create(
+    name="My Management Key",
+    rebac=rebac,
+    description="Optional description for the management key",
+    expires_in=0,  # Expiration time in seconds (0 for no expiration)
+    permitted_ips=["10.0.0.1", "192.168.1.0/24"],  # Optional IP allowlist
+)
+key = create_resp["key"]
+cleartext = create_resp["cleartext"]  # Save this securely - it will not be returned again!
+
+# Load a specific management key by ID
+load_resp = descope_client.mgmt.management_key.load("key-id")
+loaded_key = load_resp["key"]
+
+# Search all management keys
+search_resp = descope_client.mgmt.management_key.search()
+keys = search_resp["keys"]
+for key in keys:
+    # Do something
+
+# Update a management key
+# IMPORTANT: All parameters will override existing values. Use carefully.
+update_resp = descope_client.mgmt.management_key.update(
+    id="key-id",
+    name="Updated Key Name",
+    description="Updated description",
+    permitted_ips=["10.0.0.2"],
+    status=MgmtKeyStatus.ACTIVE,  # Can be ACTIVE or INACTIVE
+)
+updated_key = update_resp["key"]
+
+# Delete management keys
+# IMPORTANT: This action is irreversible. Use carefully.
+delete_resp = descope_client.mgmt.management_key.delete(["key-id-1", "key-id-2"])
+total_deleted = delete_resp["total"]
+```
+
 ### Utils for your end to end (e2e) tests and integration tests
 
 To ease your e2e tests, we exposed dedicated management methods,

descope/__init__.py

@@ -20,6 +20,16 @@
 from descope.http_client import DescopeResponse
 from descope.management.common import (
     AssociatedTenant,
+    DescoperAttributes,
+    DescoperCreate,
+    DescoperProjectRole,
+    DescoperRBAC,
+    DescoperRole,
+    DescoperTagRole,
+    MgmtKeyProjectRole,
+    MgmtKeyReBac,
+    MgmtKeyStatus,
+    MgmtKeyTagRole,
     SAMLIDPAttributeMappingInfo,
     SAMLIDPGroupsMappingInfo,
     SAMLIDPRoleGroupMappingInfo,

descope/http_client.py

@@ -219,6 +219,26 @@ def post(
         self._raise_from_response(response)
         return response
 
+    def put(
+        self,
+        uri: str,
+        *,
+        body: dict | list[dict] | list[str] | None = None,
+        params=None,
+        pswd: str | None = None,
+    ) -> requests.Response:
+        response = requests.put(
+            f"{self.base_url}{uri}",
+            headers=self._get_default_headers(pswd),
+            json=body,
+            allow_redirects=False,
+            verify=self.secure,
+            params=params,
+            timeout=self.timeout_seconds,
+        )
+        self._raise_from_response(response)
+        return response
+
     def patch(
         self,
         uri: str,
@@ -245,12 +265,14 @@ def delete(
         self,
         uri: str,
         *,
+        body: dict | list[dict] | list[str] | None = None,
         params=None,
         pswd: str | None = None,
     ) -> requests.Response:
         response = requests.delete(
             f"{self.base_url}{uri}",
             params=params,
+            json=body,
             headers=self._get_default_headers(pswd),
             allow_redirects=False,
             verify=self.secure,