Edit Page

2018.22

Change Expected in Preview Orgs Rollout to Production Orgs Expected to Start
New Session Token Behavior is in Early Access May 30, 2018 June 4, 2018
System Log Events for New Device Notification Emails May 30, 2018 June 4, 2018
Bugs Fixed in 2018.22 May 30, 2018 June 4, 2018
Previously Released Early Access Features 2018.22 Update Available now Available now

New Session Token Behavior is in Early Access

If a user has a valid session and passes a sessionToken, this sessionToken will override any existing session cookie. If the user has a valid session but passes an invalid sessionToken, then their existing session will be invalidated. Currently, if a user has a valid session and passes a sessionToken, the sessionToken will be ignored. If this feature is not enabled, the current behavior will continue.

System Log Events for New Device Notification Emails

New device notification email events will now appear in the System Log.

Bugs Fixed in 2018.22

  • Default password policy settings were sometimes incorrectly applied when creating a user with a password. (OKTA-127830)
  • The /userinfo endpoint would return an empty JSON object in the response body when using an invalid access token. (OKTA-169553)
  • Some OAuth 2.0/OIDC refresh tokens would expire early. (OKTA-171056)

Previously Released Early Access Features 2018.22 Update

The following features have already been released as Early Access. To enable them, contact Support.

Early Access Features Available Now
Custom URL Domains
Custom Okta-hosted Sign-In Page
Custom Error Page
Linked Objects API
Token Management API
System Log API
User Consent for OAuth 2.0 and OpenID Connect Flows