Skip to content

3.1.3

Release Date: February 12, 2026

✨ New Features

Project Templates

Document Services Business Domain 📄

Templates: All SAIF templates with business domain support

Added Document Services to the available business domains across all SAIF templates, expanding governance and compliance capabilities.

Affected Templates:

  • saif-api-exp - Experience APIs
  • saif-api-proc - Process APIs
  • saif-api-sys - System APIs
  • saif-event-service - Event services
  • saif-feature-* - Feature templates
  • saif-nuget-package - NuGet packages
  • saif-terraform-module - Terraform modules

Impact:

  • ✅ Enables teams to create document management services within the Document Services domain
  • ✅ Provides standardized naming and governance for document-related APIs and services
  • ✅ Extends the SAIF business domain taxonomy to support document workflows across all project types

🔧 Enhancements

Terraform Modules

Okta Auth Server Configurable Issuer Mode

Module: okta-oidc-client

Made Okta Auth Server Issuer Mode configurable with default to maintain backward compatibility, enabling custom branded domain URL support for Okta authentication.

What Changed:

Added issuer_mode variable to the okta-oidc-client module with default value "ORG_URL". This allows users to configure the Auth Server Issuer Mode to support custom domain URLs (login.saif.com, login-np.saif.com) while maintaining backward compatibility.

New Variables:

  • issuer_mode (string, default: "ORG_URL") - Controls which URL appears in JWT iss claims and .well-known/openid-configuration endpoint. Options: ORG_URL, CUSTOM_URL, or DYNAMIC

Example:

# Custom domain URLs
module "oktaApp-Api" {
  source                               = "app.terraform.io/SAIFCorp/oidc-client/okta"
  version                              = ">= 3.0.0, < 4.0.0"
  project_id                           = "my-api"
  okta_app_type                        = "API"
  issuer_mode                          = "CUSTOM_URL"
  # Tokens will contain iss: "https://login-np.saif.com/oauth2/..." (non-prod)
  # or iss: "https://login.saif.com/oauth2/..." (production)
}

Benefits:

  • ✅ Backward compatible - defaults to original ORG_URL behavior
  • ✅ Configurable for custom domain support via CUSTOM_URL option
  • ✅ Flexible with DYNAMIC option to let apps choose based on request
  • ✅ Validated input - only accepts ORG_URL, CUSTOM_URL, or DYNAMIC
  • ✅ APIM policies can validate tokens correctly when using custom domains

PR: #329

Expanded External Test User Configuration

Module: okta-external-test-users

Expanded External Test User configuration to include phone number and title attributes, enabling richer test data for applications requiring these identity claims.

What Changed:

Added primary_phone and title attribute configuration to the okta-external-test-users Terraform module. The title claim is now exposed through the reserved OIDC profile scope, and primary_phone is available through the phone scope.

New Attributes:

  • primary_phone - Phone number for external test users (exposed via OIDC phone scope)
  • title - Job title for external test users (exposed via OIDC profile scope)

Example:

user_map = [
  {
    login         = "test.user@example.com"
    email         = "test.user@example.com"
    first_name    = "Test"
    last_name     = "User"
    primary_phone = "+15551234567"
    title         = "Software Engineer"
  }
]

Benefits:

  • ✅ Expanded External Test User Configuration with phone and title
  • ✅ Increased External Identity Claim Availability for testing scenarios
  • ✅ Aligns with NGP payroll reporting requirements (email, phone, title)

Documentation:

PR: #391

🔧 Dependency Updates

.NET Packages

  • ⬆️ Aspire.Hosting - Updated from 13.1.0 to 13.1.1 - Bug fixes for HTTPS port chaining, Vite config paths, Azure Bicep resources, and dev certificate filtering
  • ⬆️ Aspire.Oracle.EntityFrameworkCore - Updated from 13.1.0 to 13.1.1
  • ⬆️ Microsoft.Extensions.Configuration.AzureAppConfiguration - Updated from 8.4.0 to 8.5.0 - Added ConnectAzureFrontDoor method for CDN support
  • ⬆️ Microsoft.Extensions.* (10.0 packages) - Updated from 10.0.2 to 10.0.3
  • ⬆️ Microsoft.Extensions.ServiceDiscovery - Updated from 10.2.0 to 10.3.0 - Improved retry logic and AI function support
  • ⬆️ Microsoft.TemplateEngine.* - Updated from 10.0.102 to 10.0.103

TypeScript Packages

  • ⬆️ @types/react - Updated from 19.2.13 to 19.2.14

🔄 Breaking Changes

None in this release

📋 Additional Notes

  • Total commits: 16
  • User-facing commits: 9 (excluded 7 internal commits)
  • Contributors: 6 (Copilot, dependabot[bot], Emmitt Johnson, GitHub, Jace Allison, Jason Corona Yue)

Impact Summary

This patch release expands SAIF Platform capabilities with Document Services business domain support, enhanced Okta authentication configuration for custom domains, and richer external test user attributes. Dependency updates include critical Aspire 13.1.1 bug fixes and Microsoft Extensions 10.3.0 improvements.

For Developers

  • Document Services Domain - Now available across all SAIF templates when creating new projects (APIs, event services, features, NuGet packages, Terraform modules)
  • Okta Custom Domains - Set issuer_mode = "CUSTOM_URL" in your Terraform configuration for custom branded URLs
  • External Test Users - Add primary_phone and title to your test user configurations for richer testing scenarios
  • No Breaking Changes - All improvements are backward compatible

Support

  • 📧 Teams Support Channel: Support