| Change | Expected in Preview Orgs |
| --- | --- |
| Troubleshooting assistance for app redirect URI | October 7, 2020 |
| API Access Management enables scope as a claim | October 7, 2020 |
| Rate limit changes | October 7, 2020 |
| Client-based rate limiting | October 7, 2020 |
| Groups API enhancements in EA | October 7, 2020 |
When an app redirect URI is either missing or incorrectly configured, Okta returns an HTTP 400 error. Now, the error description provides troubleshooting assistance to debug the expected redirect URI.
You can now name a claim `scope` in API Access Management custom authorization servers. Also, you can now use the EL expression `access.scope` in custom claims to return an array of granted scope strings.
Rate limits for paid developer orgs and for one-app orgs have been updated. See the Rate Limits page.
Client-based rate limiting for the `/authorize` endpoint is now available in Preview. It provides granular isolation between requests made to the `/authorize` endpoint by using a combination of the Client ID, user's IP address, and Okta device identifier. This isolates rogue OAuth clients and bad actors, ensuring valid users and applications don't run into rate limit violations.
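
The isolation described above, as an added example that is not Okta's implementation: a fixed-window limiter run over the same constructed traffic twice, once with a single shared bucket for `/authorize` and once keyed on the combination of client ID, IP address, and device identifier. The limit of 50 per 60 seconds, the client IDs, IP addresses, and device identifiers are all assumptions made for the illustration.

```python
from collections import defaultdict

class WindowLimiter:
    """Fixed-window counter: at most `limit` requests per key per window."""
    def __init__(self, limit, window_s=60):
        self.limit, self.window_s = limit, window_s
        self.counts = defaultdict(int)   # (key, window index) -> requests seen

    def allow(self, key, now):
        bucket = (key, int(now // self.window_s))
        self.counts[bucket] += 1
        return self.counts[bucket] <= self.limit

def org_key(req):
    # One shared bucket for every caller of /authorize in the org.
    return "authorize"

def client_key(req):
    # The combination the release note names: client ID, user's IP, device identifier.
    return (req["client_id"], req["ip"], req["device_id"])

def simulate(key_fn, limit, requests):
    """Return {client_id: number of requests rejected (HTTP 429)}."""
    limiter, rejected = WindowLimiter(limit), defaultdict(int)
    for req in requests:
        if not limiter.allow(key_fn(req), req["t"]):
            rejected[req["client_id"]] += 1
    return dict(rejected)

# Constructed traffic inside one 60 s window: a misbehaving client floods
# /authorize from one IP/device, then a valid user signs in through another app.
ROGUE = [{"t": i * 0.1, "client_id": "0oa-rogue", "ip": "203.0.113.7",
          "device_id": "dev-A"} for i in range(200)]
VALID = [{"t": 30 + i, "client_id": "0oa-portal", "ip": "198.51.100.20",
          "device_id": "dev-B"} for i in range(5)]
TRAFFIC = sorted(ROGUE + VALID, key=lambda r: r["t"])

def compare(limit=50):
    # Assumed limit; the real per-org and per-client limits are not on this page.
    return simulate(org_key, limit, TRAFFIC), simulate(client_key, limit, TRAFFIC)

if __name__ == "__main__":
    shared, isolated = compare()
    print("shared bucket rejections:      ", shared)
    print("client-based bucket rejections:", isolated)
```

With the shared bucket the valid user's five requests are all rejected because the flooding client has already exhausted the window; with the composite key only the flooding client is throttled.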