From 63b31a13f9ea040cf1358e659cc0321092221e76 Mon Sep 17 00:00:00 2001
From: Chris Hoffman <99742+chrishoffman@users.noreply.github.com>
Date: Thu, 12 May 2022 15:55:33 -0400
Subject: [PATCH] Disabling client side rate limiting in Okta login MFA client
 (#15369)

* disabling client side rate limiting for MFA client

* add changelog
---
 changelog/15369.txt | 3 +++
 vault/login_mfa.go  | 2 ++
 2 files changed, 5 insertions(+)
 create mode 100644 changelog/15369.txt

diff --git a/changelog/15369.txt b/changelog/15369.txt
new file mode 100644
index 000000000..b27c004a8
--- /dev/null
+++ b/changelog/15369.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+mfa/okta: disable client side rate limiting causing delays in push notifications
+```
\ No newline at end of file
diff --git a/vault/login_mfa.go b/vault/login_mfa.go
index 0976482b8..6d6163ced 100644
--- a/vault/login_mfa.go
+++ b/vault/login_mfa.go
@@ -1825,6 +1825,8 @@ func (c *Core) validateOkta(ctx context.Context, mConfig *mfa.Config, username s
 	} else {
 		client = okta.NewClient(cleanhttp.DefaultClient(), oktaConfig.OrgName, oktaConfig.APIToken, oktaConfig.Production)
 	}
+	// Disable client side rate limiting
+	client.RateRemainingFloor = 0
 
 	var filterOpts *okta.UserListFilterOptions
 	if oktaConfig.PrimaryEmail {