MongoDB Shell: MONGOSH-2145

[OIDC] Use expiration time of ID token if passIdTokenAsAccessToken is set

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: OIDC DB Auth
    • Iteration Zenith, Iteration A (Apr 21 - May 5)
    • Developer Tools

      Problem Statement/Rationale

      If we are using ID tokens for authentication, we should be using the expiration time set in the ID token instead of the time specified in the token set response, since that time refers to the access token's expiration time.

      Steps to Reproduce

      Modify our mock HTTP IdP server to pass different expiration times for ID and access token, then start mongosh running against that IdP.

      Expected Results

      Compass/mongosh stays authenticated after ID tokens expire, by refreshing.

      Actual Results

      Compass/mongosh enters a state of passing expired ID tokens to the driver, so authentication fails consistently for any new command.

      This change should be noted in the spec.
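
The difference between the two expiry sources described above, as an added example that is not code from mongosh, Compass or their OIDC plugin. The token set follows the standard OAuth 2.0 token response; the helper names, the options object, the 30-second skew and the sample values are assumptions.

```javascript
// Added example: helper names and option shape are assumptions, not mongosh code.

// Read a compact JWT's payload WITHOUT verifying the signature. Acceptable only
// for scheduling a refresh; the server still validates the token itself.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Expiry (ms since epoch) of the token that is actually handed to the driver.
function effectiveExpiryMs(tokenSet, { passIdTokenAsAccessToken, receivedAtMs }) {
  if (!passIdTokenAsAccessToken) {
    // expires_in is the access token's lifetime in seconds (RFC 6749).
    return typeof tokenSet.expires_in === 'number'
      ? receivedAtMs + tokenSet.expires_in * 1000
      : undefined;
  }
  if (!tokenSet.id_token) throw new Error('token set has no id_token');
  const { exp } = decodeJwtPayload(tokenSet.id_token);
  // exp is seconds since the epoch (RFC 7519); fail closed if it is missing.
  if (typeof exp !== 'number') throw new Error('ID token has no numeric exp');
  return exp * 1000;
}

// Refresh slightly early so an expired token is never sent.
function needsRefresh(expiryMs, nowMs, skewMs = 30000) {
  return expiryMs !== undefined && nowMs >= expiryMs - skewMs;
}

// Constructed sample: ID token valid 5 minutes, access token 1 hour.
function makeSampleJwt(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.placeholder-signature`;
}
const receivedAtMs = 1700000000000;
const sampleTokenSet = {
  access_token: 'constructed-access-token',
  expires_in: 3600,
  id_token: makeSampleJwt({ sub: 'constructed-user', exp: 1700000300 }),
};
```

Ten minutes after the sample response is received, the `expires_in`-based deadline still reports the token as fresh while the `exp`-based deadline already calls for a refresh, which is the state described under Actual Results.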

            Assignee:
            anna.henningsen@mongodb.com Anna Henningsen
            Reporter:
            anna.henningsen@mongodb.com Anna Henningsen