We are making rate limits more granular and will roll the changes out over the next few months:
Of course, as each change is released, we'll announce the change here.
For a full description of the rate limit changes, see API Rate Limits.
You can now search (exact match) for an authorization server name or resource URI. To see the new search box, log in to your Okta org, click the Admin button, and visit Security > API > Authorization Servers.
In the administrator UI, you can set an authorization server to manually rotate keys. Keys are rotated automatically by default.
Important: Automatic key rotation is more secure than manual key rotation. Use manual key rotation only if you can't use automatic key rotation.
To change an authorization server configuration to use manual key rotation:
okta_post_message failed to return the error message ("The authorization server does not support the requested response mode") in the response. Instead it redirected the error response to the URI specified in
sessionToken in the response from the POST /api/v1/authn request with username and password was valid for two hours after issuance. It is now valid for 5 minutes for added security. (OKTA-109907)
search parameter with GET /api/v1/users when the user is federated returned an incorrect value for