Summary
New SASL mechanism targeting MongoDB 7.0. See https://openid.net/specs/openid-connect-core-1_0.html.
Motivation. This original ticket and spec work was targeting human workflows (Milestone A.1), and prioritized delivery in the Node driver, for consumption by Compass.
Several customers have asked if they can use single-sign on to login into Atlas clusters. Currently, the only mechanism available is AWS-IAM which they can then tie to their own identity provider. However, this mechanism is AWS-specific. Customers are looking for 1) their Atlas users to also login into the database without creating database specific credentials 2) provide native support for Azure and GCP IAM for the database. This project is a stepping stone towards achieving these goals.
Cast of Characters
Engineering Lead: James Kovacs
Document Author: Steven Silvester
POCers: Steven Silvester, Dmitry Lukyanov
Product Owner: Shubam Ranjan
Program Manager: Esha Bhargava
Stakeholders: Anna Henningsen
Channels & Docs
Slack Channel
Scope Document
Technical Design Document
- depends on
-
SERVER-74735 Advertise Identity Provider Issuer in OIDC SASL flows
- Closed
- has to be done before
-
DRIVERS-2416 OIDC: Automatic token acquisition for Azure Identity Provider
- Implementing
- is depended on by
-
DRIVERS-2615 OIDC reauth sends commands we know will fail
- Backlog
-
DRIVERS-2508 OIDC: Automatic token acquisition for AWS Identity Providers
- Closed
-
DRIVERS-2550 OIDC: Add Documentation Examples
- Implementing
-
DRIVERS-2601 OIDC: Automatic token acquisition for GCP Identity Provider
- Implementing
- related to
-
DRIVERS-2585 Use AWS Secrets Manager for Evergreen Test Secrets
- In Progress
-
DRIVERS-2882 Add Kubernetes Support for OIDC
- Implementing
-
DRIVERS-2508 OIDC: Automatic token acquisition for AWS Identity Providers
- Closed
-
DRIVERS-2616 OIDC-SASL Follow-Up
- Closed
-
DRIVERS-2416 OIDC: Automatic token acquisition for Azure Identity Provider
- Implementing
- split to
-
RUBY-3148 Implement OIDC SASL mechanism
- Backlog
-
RUST-1497 Implement OIDC SASL mechanism
- Backlog
-
JAVA-4757 Implement OIDC SASL mechanism
- Released
-
CDRIVER-4489 Implement OIDC SASL mechanism
- Ready for Work
-
CXX-2590 Implement OIDC SASL mechanism
- Execution Blocked
-
PHPLIB-1002 Implement OIDC SASL mechanism
- Execution Blocked
-
GODRIVER-2574 Implement OIDC SASL mechanism
- Development Complete
-
MOTOR-1040 Implement OIDC SASL mechanism
- Development Complete
-
NODE-4692 Implement OIDC SASL mechanism
- Development Complete
-
PYTHON-3460 Implement OIDC SASL mechanism
- Development Complete
-
CSHARP-4448 Implement OIDC SASL mechanism
- Closed
- mentioned in
-
Page Loading...