v2.5.3

2.5.3 (Feb 5, 2026)

• Add golangci-lint to the project #293 by @pranav-okta
• Re-release a patch version to fix the Chocolatey publish package

Full Changelog: v2.5.2...v2.5.3

v2.5.2

2.5.2 (Jan 8, 2026)

• Fix windows runtime error of could not find the home directory #297 by @pranav-okta
• Fix output formatting #271 by @curator

v2.5.1

What's Changed

• New direct command for Direct Authentication (out-of-bounds MFA) by @monde in #277
• Update README.md by @monde in #278
• Add Snyk Support in CCI by @manmohan-shaw-okta in #285
• Improve formatting in readme by @bbodenmiller in #282
• fix: use v2 imports for go package by @pranav-okta in #290

New Contributors

• @manmohan-shaw-okta made their first contribution in #285
• @bbodenmiller made their first contribution in #282
• @pranav-okta made their first contribution in #290

Full Changelog: v2.4.1...v2.5.1

v2.5.0

2.5.0 (May 20, 2025)

• New direct command for OOB MFA password grant auth flow #277, thanks @monde!

v2.4.1

2.4.1 (February 10, 2025)

BUG FIXES

• Correct bug evaluating AWS Session Duration CLI flag #269, thanks @curator!

MAINTENANCE

• Upgrade gopkg.in/square/go-jose.v2 v2.6.0 to github.com/go-jose/go-jose/v4 v4.0.4
  • https://github.com/okta/okta-aws-cli/security/dependabot/9

v2.4.0

2.4.0 (January 31, 2025)

ENHANCEMENTS

• Multiple apps feature only requires okta.users.read.self scope #254, thanks @monde!
• Toggle API HTTP User-Agent header to okta-aws-cli to ease use in a policy rule #257, thanks @monde!
• Improve error message suggestion for expired token #256, thanks @Eitol!
• JTI protection on m2m auth token #259, thanks @duytiennguyen-okta!
• m2m allow STS role session name to be overridden #262, thanks @monde!

MAINTENANCE

• Update github.com/aws/aws-sdk-go to v1.55.5 #255, thanks @monde!
• Update golang.org/x/net to v0.34.0 #266, thanks @monde!
• Rename/deprecate CLI flag --session-duration to --aws-session-duration #263, thanks @monde!
• README note that AWS Fed app doesn't support device security posture #260, thanks @monde!

BUG FIXES

• Correct client assertion handling in API POST #253, thanks @duytiennguyen-okta!
• Only read cached access token if the feature is enabled. #267, thanks @monde!
• Control stdio for process credentials output #261, thanks @monde!

v2.3.1

2.3.1 (September 03, 2024)

BUG FIXES

• Fix buggy retry error loop that causes operator confusion. #237, thanks @monde!
• Clean up the non-admin user experience. #235, thanks @monde!
• Don't warn if okta.yaml doesn't exist. #232, thanks @monde!
• Correct Classic Org error and expected exit. #231, thanks @monde!

v2.3.0

2.3.0 (July 12, 2024)

ENHANCEMENTS

• New command okta-aws-cli list-profiles helper to inspect profiles in okta.yaml #222, thanks @pmgalea!
• GH releases publish Windows artifact to Chocolatey #215, thanks @monde!
• Better retry for when the cached access token has been invalidated outside of okta-aws-cli's control. #220, thanks @monde!
• Print a warning at first run if otka.yaml is malformed. #220, thanks @monde!

BUG FIXES

• Correct "default" profile flaw introduced in 2.2.0 release #220, thanks @monde!
• Continue polling instead of exit on a 400 "slow_down" API error #220, thanks @monde!

v2.2.0

2.2.0 (July 3, 2024)

ENHANCEMENTS

• Seamless support for non-Admin users if OIDC app has okta.users.read.self grant. Issue #66, PR #213, thanks @monde!
• Improve README with note about device state in policy #205, thanks @ramgandhi-okta!
• Correct m2m typo in README #201, thanks @stefan-lsx!

BUG FIXES

• Paginating more than 200 apps on GET /api/v1/apps not implemented #212, thanks @pmgalea!
• Respect OKTA_AWSCLI_AWS_REGION env var value when saving to the profile #203, thanks @sudolibre!
• Default profile value not correctly set to default #200, thanks @mantoine96!

v2.1.2

2.1.2 (February 27, 2024)

BUG FIXES

• Additional fix for bug dealing with multiple profiles in okta.yaml #196, thanks @MatthewJohn!