Hi,

I find out the OAuth access token is still valid even after the user password is being reset, can I know is it a right behavior? If yes, is there has any reason on it?
Since I believe I will reset the user password when it has been compromised and all the access token should be revoked as well...

Hi,

I have registered a trial version of Enterprise Edition, but I not able to see the sandbox option. Does Salesforce already remove that?