The release of Oqtane 3.1 a month ago represented a significant step forward for the platform, as it introduced support for security standards such as OAuth 2.0 and OpenId Connect for authentication, as well as Jwt authorization for external client applications and downstream APIs.
The 3.1.1 release is primarily focused on stabilization, ensuring that all of the features introduced in 3.1 function as optimally as possible. This includes improvements to external login to include email verification logic for existing user accounts (thanks to Michael Washington for identifying this enhancement), improvements for retreiving user identifier claims, and the ability to customize your authentication cookie name for each site.
Oqtane utilizes a Backend-for-Frontend architecture which relies on cookie authentication for all interaction between the web client and server. For this authentication approach it is recommended that web applications use antiforgery tokens to prevent XSRF attacks. Implementing antiforgery on Blazor has some unique challenges due to its client/server architecture. Oqtane 3.1.1 provides anti-forgery protection at a global level using a filter which can differentiate between cookie and Jwt requests.
This release includes 23 pull requests by 3 different contributors, pushing the total number of project commits all-time to over 2800. The Oqtane framework continues to evolve at a rapid pace to meet the needs of .NET developers. The 3.1.1 release is available for download on Github and is running in production at https://www.oqtane.org.