| Feature Enhancement | Expected in Preview Orgs | Expected in Production Orgs |
|---|---|---|
| Default Custom Authorization Server | August 9, 2017 | August 14, 2017 |
| Web App Supports Client Credential Grant Type | August 9, 2017 | August 14, 2017 |
| OpenID Connect Group Claim Retrieves Application Groups | August 9, 2017 | August 14, 2017 |
| SHA-256 Signed Certificates for New SAML 2.0 Apps | Generally Available now | Generally Available beginning 9/11/2017 |
Okta provides a pre-configured Custom Authorization Server named `default`.
This default authorization server includes a basic access policy and rule, which you can edit to control access.
It allows you to specify `default` instead of the `authServerId` in requests to it:

- `https://{yourOktaDomain}/api/v1/authorizationServers/default` for the default Custom Authorization Server, vs
- `https://{yourOktaDomain}/api/v1/authorizationServers/${authServerId}` for other Custom Authorization Servers

OAuth 2.0 clients now support configuration of the web application type to use a `client_credentials` grant type.
This allows you to use one client_id for an application that needs to make user-specific calls and back-end calls for data.
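
The following is an added example, not code from Okta or from these release notes: it builds, without sending, the two requests a single web-app client would make against the `default` Custom Authorization Server, an authorization code request for user-specific calls and a client credentials token request for back-end calls. The domain, client ID, secret, the `api.read` scope, and the `/oauth2/{authServerId}/v1/...` endpoint layout are assumptions for illustration.

```python
import base64
import secrets
from urllib.parse import quote, urlencode

# Constructed placeholder values (assumptions, not from the release notes).
OKTA_DOMAIN = "example.okta.com"
CLIENT_ID = "0oaEXAMPLECLIENTID"
CLIENT_SECRET = "constructed-secret"  # load from a secret store in practice


def issuer(auth_server_id="default"):
    """Base URL of a Custom Authorization Server; 'default' replaces the ID."""
    return f"https://{OKTA_DOMAIN}/oauth2/{auth_server_id}"


def user_authorize_url(redirect_uri, state, scope="openid profile"):
    """Authorization code request: the user-specific half of the app."""
    query = urlencode({
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": scope,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{issuer()}/v1/authorize?{query}"


def backend_token_request(scope):
    """Client credentials request: same client_id, but no user context."""
    # RFC 6749 section 2.3.1: form-encode the ID and secret, then HTTP Basic.
    pair = f"{quote(CLIENT_ID, safe='')}:{quote(CLIENT_SECRET, safe='')}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    body = urlencode({"grant_type": "client_credentials", "scope": scope})
    return f"{issuer()}/v1/token", headers, body


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)  # unguessable value, checked on callback
    print(user_authorize_url("https://app.example.com/callback", state))
    url, headers, body = backend_token_request("api.read")
    print(url, body)  # the Authorization header is deliberately not printed
```

Because both token types carry the same `client_id`, an API that accepts them should authorize on scope and subject rather than on the client identifier alone.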
OpenID Connect, which uses the Okta Authorization Server, can retrieve application groups for use in tokens. Previously, application groups could only be retrieved with the Custom Authorization Server.
You can use the Okta Expression Language `getFilteredGroups` function to retrieve application groups.
All new SAML 2.0 apps are bootstrapped with SHA-256 signed public certificates. Existing SAML 2.0 apps are unchanged.
Bug fixes are expected on preview orgs starting August 9, 2017, and on production orgs starting August 14, 2017.
/oauth2/v1/authorize with the state parameter incorrectly returned an error. (OKTA-130916)