|Change||Expected in Preview Orgs||Rollout to Production Orgs Expected to Start|
|New Session Token Behavior is in Early Access||May 30, 2018||June 4, 2018|
|System Log Events for New Device Notification Emails||May 30, 2018||June 4, 2018|
|Bugs Fixed in 2018.22||May 30, 2018||June 4, 2018|
|Previously Released Early Access Features 2018.22 Update||Available now||Available now|
If a user has a valid session and passes a
sessionToken will override any existing session cookie. If the user has a valid session but passes an invalid
sessionToken, then their existing session will be invalidated. Currently, if a user has a valid session and passes a
sessionToken will be ignored. If this feature is not enabled, the current behavior will continue.
New device notification email events will now appear in the System Log.
/userinfoendpoint would return an empty JSON object in the response body when using an invalid access token. (OKTA-169553)
The following features have already been released as Early Access. To enable them, contact Support.
|Early Access Features Available Now|
|Custom URL Domains|
|Custom Okta-hosted Sign-In Page|
|Custom Error Page|
|Linked Objects API|
|Token Management API|
|System Log API|
|User Consent for OAuth 2.0 and OpenID Connect Flows|