- Type: Task
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: None
- Component/s: OIDC DB Auth
- None
- Developer Tools
- 3
- Needed
- Iteration Wendiceratops
We should give users the ability to apply their system CA stores not just to the main connection to the MongoDB server, but also to the IdP HTTPS requests made by the openid-client library.
https://github.com/panva/node-openid-client/tree/main/docs#customizing-individual-http-requests gives an example of how to set options. In this case we'd want to allow passing some allowed HTTP options (in particular, ca) to oidc-plugin, which then forwards them to the actual HTTP calls.
We may need to store and re-store the CA certificates when serializing/deserializing OIDC state in this case as well.
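An added example (not code from oidc-plugin or openid-client) of the forwarding described above: user-supplied HTTP options pass through an allowlist before reaching the IdP requests, and the CA list survives a serialize/restore round trip. The function names, the allowlist and the state layout are hypothetical, and the `(url, options)` hook shape is assumed from the linked openid-client docs.

```javascript
'use strict';
const tls = require('node:tls');
const { X509Certificate } = require('node:crypto');

// Hypothetical allowlist: only `ca` may be forwarded to the IdP HTTPS requests.
const ALLOWED_HTTP_OPTIONS = ['ca'];

// Accept a PEM string, a Buffer, or an array of either; return PEM strings.
function normalizeCa(ca) {
  return (Array.isArray(ca) ? ca : [ca]).map((entry) => {
    const pem = Buffer.isBuffer(entry) ? entry.toString('utf8') : entry;
    if (typeof pem !== 'string' || !pem.includes('-----BEGIN CERTIFICATE-----')) {
      throw new TypeError('ca entries must be PEM-encoded certificates');
    }
    new X509Certificate(pem); // throws if the certificate does not parse
    return pem;
  });
}

// Drop everything outside the allowlist, so a caller cannot smuggle in
// options such as rejectUnauthorized: false.
function pickAllowedHttpOptions(userOptions = {}) {
  const picked = {};
  for (const key of ALLOWED_HTTP_OPTIONS) {
    if (userOptions[key] !== undefined) picked[key] = userOptions[key];
  }
  if (picked.ca !== undefined) picked.ca = normalizeCa(picked.ca);
  return picked;
}

// Per-request hook in the (url, options) => options shape (assumed).
function makeHttpOptionsHook(userOptions) {
  const allowed = pickAllowedHttpOptions(userOptions);
  return (_url, _options) => ({ ...allowed });
}

// Store the CA list next to the OIDC state (hypothetical layout) ...
function serializeState(state, userOptions) {
  return JSON.stringify({ state, httpOptions: pickAllowedHttpOptions(userOptions) });
}

// ... and re-apply the allowlist on restore, since the blob may have been edited.
function deserializeState(serialized) {
  const { state, httpOptions } = JSON.parse(serialized);
  return { state, hook: makeHttpOptionsHook(httpOptions) };
}

// Sample input: first entry of Node's bundled root list, used as a stand-in CA.
const sampleCa = tls.rootCertificates[0];
```

Normalizing `ca` to PEM strings is what makes the JSON round trip lossless; a Buffer would otherwise serialize as a byte-array object.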
- related to: MONGOSH-1852 Enable tlsUseSystemCA by default in devtools-connect (Closed)