3.1.2¶
Release Date: February 06, 2026
✨ New Features¶
Authentication¶
Cookie Compression and Okta Compatibility 🍪¶
Package: SAIF.Platform.Authentication.AspNetCore
Enhanced SAIF Platform authentication with cookie compression to reduce session cookie size and improved Okta compatibility by disabling Pushed Authorization Requests (PAR).
Key Features:
- ✅ Compressed Cookie Format - Implemented
CompressedTicketDataFormatusing Brotli compression - ✅ Okta Compatibility - Disabled Pushed Authorization Requests (PAR) which is not supported by Okta
- ✅ Observability - Added comprehensive logging for cookie compression metrics using OpenTelemetry spans
- ✅ Production-Ready - Documentation includes observed compression statistics from production environments
Benefits:
- 🚀 64% Size Reduction - Reduces authentication ticket size from ~6,100 bytes to ~2,200 bytes compressed
- 🐛 Fixes Authentication Loops - Resolves critical issue where chunked session cookies were being dropped
- 📊 Better Monitoring - Telemetry tags for cookie size tracking (
cookie.ticket.serialized_bytes,cookie.ticket.compressed_bytes,cookie.ticket.compression_ratio) - 🔄 Automatic Configuration - Applied via
CompressedCookieAuthenticationPostConfigurepost-configuration handler
Technical Details:
The new CompressedTicketDataFormat addresses authentication loop issues by:
- Using Brotli compression (CompressionLevel.Optimal) before encryption
- Reducing final cookie size to ~3,100 characters (down from 8KB+ requiring 2-3 chunks)
- Preventing cookie chunking issues that caused dropped sessions
Impact:
This enhancement is critical for applications experiencing authentication loops due to large session cookies. The compression is transparent to applications and automatically enabled.
PR: #399
🐛 Bug Fixes¶
Authentication¶
- 🐛 AuthService Configuration Guard - Fixed
isConfiguredcheck in TypeScriptAuthServiceto properly handle empty string as "same-origin" instead of "not configured". Changed from checkingbaseUrl.length > 0to!== undefined, preserving backward compatibility (#400) - 🐛 Silent Navigation Failures - Removed
console.warnfrom navigation methods when auth is not configured, allowing library to fail silently without side effects - 🐛 Type Safety - Fixed
me()return type fromPromise<T>toPromise<T | User>to prevent runtime shape violations when auth is not configured
Infrastructure¶
- 🏗️ Optional Backend URL - Added
has_backend_apivariable tosaif-web-serviceTerraform module, allowing frontend-only applications to excludeAPP_BACKEND_URLfrom app settings (#400)
🔧 Dependency Updates¶
- ⬆️ Microsoft.Identity.Client - Updated from 4.82.0 to 4.82.1 - Adds support for implicit mTLS transport for client assertion delegates
- ⬆️ Microsoft.Identity.Client.Broker - Updated from 4.82.0 to 4.82.1
- ⬆️ Microsoft.Identity.Client.Extensions.Msal - Updated from 4.82.0 to 4.82.1
- ⬆️ Microsoft.Kiota packages - Updated from 1.21.2 to 1.21.3 - Improved default retry logic
- ⬆️ @types/node - Updated from 24.10.10 to 24.10.11
- ⬆️ @types/react - Updated from 19.2.10 to 19.2.13
🔄 Breaking Changes¶
None in this release ✅
📋 Additional Notes¶
- Total commits: 7
- User-facing changes: 5 (excluded 2 internal CI/GitHub configuration changes)
- Contributors: 2 (Emmitt Johnson, dependabot[bot])
Impact Summary¶
This patch release focuses on authentication improvements and bug fixes. The cookie compression feature is a critical enhancement that resolves authentication loop issues in production environments while reducing cookie size by 64%. The authentication service improvements provide better defensive checks and flexibility for frontend-only applications. Dependency updates include security and reliability improvements from Microsoft Identity and Kiota libraries.
For Developers
- Cookie Compression - Automatically enabled for all applications using
SAIF.Platform.Authentication.AspNetCore3.1.2+ - Frontend-only Apps - Set
has_backend_api = falsein your Terraform configuration to exclude backend URL - No Breaking Changes - All improvements are backward compatible
Support¶
- 📧 Teams Support Channel: Support