A new property was added to the existing login.properties file:

# The Random-Token is a one time token with a limited lifetime, which is used to initiate sessions through 3rd party applications or
# websites. It is a UUID, generated by the backend via default Java UUID implementation. This token is deprecated and disabled by default.
# Setting this to false will prevent a random token from being written as part of the login response and prevent logins via a random
# token.
com.openexchange.ajax.login.randomToken=false

The consequences:
- The login response does no longer contain a random token (http://oxpedia.org/wiki/index.php?title=Login_variations#Random) by default

- The login?action=redirect (http://oxpedia.org/wiki/index.php?title=HTTP_API#Redirect) and login?action=redeem fail with a HTTP 400 Status when you try to login with a random token.

The alternative login methods can be seen at http://oxpedia.org/wiki/index.php?title=HTTP_API#Module_.22login.22