Use the new query parameter
nextLogin with a create user API request to create and activate a user with an expired password.
The user has to change his or her password the next time they log in. This new query parameter eliminates the need to use two API calls to achieve the same result.
This feature enhancement is expected in preview orgs starting November 1, 2017, and in production orgs starting November 6, 2017.
Three bug fixes are available now on preview orgs, and will be available on production orgs starting November 6, 2017:
/oauth2/v1/authorizeor OAuth 2.0
User not assigned to appwas incorrectly returned from a
GET /oauth2/v1/authorizerequest for Oauth 2.0 clients with a custom client ID. (OKTA-146566)
Two bug fixes are expected on preview orgs starting Nov 1, 2017, and will be available on production orgs starting November 6, 2017:
phone_number_verifiedwas returned from some authorization servers. The claim has been removed because Okta doesn't support this claim yet. (OKTA-146470)