On This Page

2020.10.0

Change Expected in Preview Orgs
Troubleshooting assistance for app redirect URI October 7, 2020
API Access Management enables scope as a claim October 7, 2020
Rate limit changes October 7, 2020
Client-based rate limiting October 7, 2020
Groups API enhancements in EA October 7, 2020

Troubleshooting assistance for app redirect URI

When an app redirect URI is either missing or incorrectly configured, Okta returns an HTTP 400 error. Now, the error description provides troubleshooting assistance to debug the expected redirect URI.

API Access Management enables scope as a claim

You can now name a claim scope in API Access Management custom authorization servers. Also, you can now use the EL expression access.scope in custom claims to return an array of granted scope strings.

Rate limit changes

Rate limits for paid developer orgs and for one-app orgs have been updated. See the Rate Limits page.

Client-based rate limiting

Client-based rate limiting for the /authorize endpoint is now available in Preview. It provides granular isolation between requests made to the /authorize endpoint by using a combination of the Client ID, user's IP address, and Okta device identifier. This isolates rogue OAuth clients and bad actors, ensuring valid users and applications don't run into rate limit violations.

Groups API enhancements in EA

The Groups API now supports extended search. Also, source application is now returned in Group objects.