MongoDB Shell / MONGOSH-1712

Apply --useSystemCA to oidc-plugin HTTPS requests

    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 2.2.0
    • Affects Version/s: None
    • Component/s: OIDC DB Auth
    • Labels:
      None
    • Developer Tools
    • 3
    • Needed

      We should mention in the Compass and mongosh docs that the `--tlsUseSystemCA` flag/the Compass checkbox applies to the OIDC identity provider as well.

    • Iteration Wendiceratops

      We should give users the ability to apply their system CA stores not just to the main connection to the MongoDB server, but also the IdP HTTPS requests made by the openid-client library.

      https://github.com/panva/node-openid-client/tree/main/docs#customizing-individual-http-requests gives an example of how to set options. In this case, we'd want to allow passing some allowed HTTP options (in particular, ca) to oidc-plugin, which then forwards them to the actual HTTP calls.

      We may need to store and re-store the CA certificates when serializing/deserializing OIDC state in this case as well.

            Assignee:
            anna.henningsen@mongodb.com Anna Henningsen
            Reporter:
            anna.henningsen@mongodb.com Anna Henningsen
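The forwarding described in this ticket, as an added example that is not oidc-plugin or mongosh code: an allowlist that passes `ca` to a per-request HTTP options hook and re-applies it when state is restored. All function names and the state layout are hypothetical, the certificates are constructed placeholders, and the hook shape `(url, options) => options` is assumed from the linked openid-client docs.

```javascript
// Added example; every name below is hypothetical, not oidc-plugin API.
// Constructed placeholders, not real certificates.
const CERT_A = '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtQQ==\n-----END CERTIFICATE-----';
const CERT_B = '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtQg==\n-----END CERTIFICATE-----';

// Options a caller may forward to IdP HTTPS requests. rejectUnauthorized and
// checkServerIdentity are deliberately absent: callers can add trust anchors
// but cannot turn certificate verification off.
const ALLOWED_HTTP_OPTIONS = new Set(['ca', 'timeout']);
const PEM_BLOCK = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Split PEM bundles (a string or an array of strings) into unique certificates.
function normalizeCa(ca) {
  const text = [].concat(ca ?? []).join('\n');
  return [...new Set(text.match(PEM_BLOCK) ?? [])];
}

function pickAllowedHttpOptions(userOptions = {}) {
  const picked = {};
  for (const [key, value] of Object.entries(userOptions ?? {})) {
    if (!ALLOWED_HTTP_OPTIONS.has(key)) continue;
    picked[key] = key === 'ca' ? normalizeCa(value) : value;
  }
  // No usable certificate: omit ca so Node's default trust store applies.
  if (picked.ca && picked.ca.length === 0) delete picked.ca;
  return picked;
}

// Assumed hook shape: (url, options) => extra options merged into the request.
function makeHttpOptionsHook(userOptions) {
  const extra = pickAllowedHttpOptions(userOptions);
  return (_url, _options) => ({ ...extra });
}

// Keep the filtered options with the OIDC state so a restored session
// validates the IdP against the same CA list.
function serializeState(state, userOptions) {
  return JSON.stringify({ ...state, httpOptions: pickAllowedHttpOptions(userOptions) });
}

function deserializeState(json) {
  const { httpOptions, ...state } = JSON.parse(json);
  // Re-filter on load: serialized state is input, not trusted configuration.
  return { state, hook: makeHttpOptionsHook(httpOptions) };
}
```

Filtering again in `deserializeState` matters because the serialized blob may come from storage the process does not fully control.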