We are making org-wide rate limits more granular, and treating authenticated end-user interactions separately. More granular rate limits will further lessen the likelihood of calls to one URI impacting another. Treating authenticated end-user interactions separately will lessen the chances of one user's impacting another. We're also providing a transition period so you can see what these changes will look like in your Okta system log before enforcing them:
Of course, as each change is released, we'll announce the change here.
For a full description of the rate limit changes, see API Rate Limits.
Sample code to demonstrate OIDC authorization flows is available from the following locations:
System log now records the result of applying the Okta sign-on policy to determine whether to use multi-factor authentication for a user trying to log in. This log entry includes the user's zone.
For a user mastered from Active Directory and in password reset mode, the /api/v1/users API returned the user's status as ACTIVE rather than RECOVERY. (OKTA-109772)