| Feature Enhancement | Expected in Preview Orgs | Expected in Production Orgs |
|---|---|---|
| App User Schema API is Generally Available | Available Now | Available Now |
| Special HTML Characters in state for okta_post_message | January 31, 2018 | February 7, 2018 |
| Custom Scopes in Metadata Endpoints | January 31, 2018 | February 7, 2018 |
| Improved Enforcement of Authorization Server Policies | January 31, 2018 | February 7, 2018 |
| Functions for Including Groups in Tokens | January 31, 2018 | February 7, 2018 |
| New System Log Messages | January 31, 2018 | February 7, 2018 |
| New Version of the Sign-In Widget | Available Now | Available Now |
Use the App User Schema API to work with App User profiles, typically for apps that have features for provisioning users.
You can include HTML special characters in the state parameter for okta_post_message.
Note that state in the main request body already allows these characters.
You can specify whether or not to include custom scopes in the metadata endpoints for OAuth 2.0 and OpenID Connect.
Existing custom scopes are not exposed by default. Set the metadataPublish attribute to ALL_CLIENTS to change the behavior.
When a client application tries to redeem an authorization token from a refresh token issued by a custom authorization server, policies are evaluated again. This ensures any changes since the time the refresh token was issued are checked.
Use the new EL functions Group.contains, Group.startsWith, and Group.endsWith to define a set of dynamic groups to be included in tokens minted from Okta's authorization servers.
These functions complement the existing EL function getFilteredGroups which helps you create a static list of groups for inclusion in a token.
User account updates have two new events written to the system log (/api/v1/events and /api/v1/logs):

- The user.account.unlock_by_admin event complements the existing user.account.unlock event, which is triggered only by self-service unlock or automatic unlock. The user.account.unlock_by_admin event is triggered when an administrator unlocks an account.
- The user.account.update_primary_email event is triggered only when a primary email is updated. It's not triggered by profile sync or other automated processes.

Version 2.6.0 of the Okta Sign-In Widget is available. Check out the new features and bug fixes!
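
One way a detection could consume the two new System Log events described above: flag a primary email update that follows an administrator unlock of the same user within a time window. This is an added example, not Okta's code; the one-hour window, the sample events, and the assumption that both events carry the affected user as a `User` target are choices made for this sketch.

```python
from datetime import datetime, timedelta

# Event type names come from the release notes above. Field names follow the
# /api/v1/logs event shape; that both events carry the affected user as a
# target of type "User" is an assumption of this example.
ADMIN_UNLOCK = "user.account.unlock_by_admin"
EMAIL_UPDATE = "user.account.update_primary_email"

def _event(event_type, published, actor, user_id):
    """Build a constructed sample event (not real log data)."""
    return {"eventType": event_type, "published": published,
            "actor": {"alternateId": actor},
            "target": [{"type": "User", "id": user_id}]}

SAMPLE_EVENTS = [
    _event(ADMIN_UNLOCK, "2018-02-07T10:00:00.000Z", "admin@example.com", "00u1"),
    _event(EMAIL_UPDATE, "2018-02-07T10:20:00.000Z", "alice@example.com", "00u1"),
    # Self-service unlock: not an admin action, so it is not correlated.
    _event("user.account.unlock", "2018-02-07T11:00:00.000Z", "bob@example.com", "00u2"),
    _event(EMAIL_UPDATE, "2018-02-07T11:05:00.000Z", "bob@example.com", "00u2"),
    # Admin unlock followed by an email change outside the window.
    _event(ADMIN_UNLOCK, "2018-02-07T08:00:00.000Z", "admin@example.com", "00u3"),
    _event(EMAIL_UPDATE, "2018-02-07T12:00:00.000Z", "carol@example.com", "00u3"),
]

def _ts(event):
    return datetime.strptime(event["published"], "%Y-%m-%dT%H:%M:%S.%fZ")

def _target_users(event):
    return [t["id"] for t in event.get("target") or [] if t.get("type") == "User"]

def unlock_then_email_change(events, window=timedelta(hours=1)):
    """Return (user_id, unlocking_admin, seconds_between) for each primary
    email update that follows an admin unlock of the same user within window."""
    last_unlock, findings = {}, []
    for ev in sorted(events, key=_ts):  # logs may arrive out of order
        for uid in _target_users(ev):
            if ev["eventType"] == ADMIN_UNLOCK:
                last_unlock[uid] = ev
            elif ev["eventType"] == EMAIL_UPDATE and uid in last_unlock:
                gap = _ts(ev) - _ts(last_unlock[uid])
                if gap <= window:
                    admin = last_unlock[uid]["actor"]["alternateId"]
                    findings.append((uid, admin, int(gap.total_seconds())))
    return findings

if __name__ == "__main__":
    for finding in unlock_then_email_change(SAMPLE_EVENTS):
        print(finding)
```

Because user.account.update_primary_email is not written for profile sync or other automated processes, each hit reflects a deliberate change worth a reviewer's attention.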
The following bugs have been fixed and are expected in preview orgs January 31, 2018 and production orgs starting February 7, 2018.
501: unsupported operation.
Now the correct exception is thrown: 401: You do not have permission to access the feature you are requesting. (OKTA-154940)
/api/v1/authn with deviceToken in the body of the request incorrectly prompted the user for MFA, even after successfully verifying the factor the first time, if: