Validate OIDC allowed hosts before authenticator reuse

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Fixed
    • Priority: Unknown
    • 4.18.0
    • Affects Version/s: None
    • Component/s: None
    • None
    • None
    • Python Drivers
    • Not Needed
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?
    • None
    • None
    • None
    • None
    • None
    • None

      Context

      The cached authenticator is returned before checking the allowed hosts. In practice this is not an issue because the credentials are cached per adress. This is a correctness issue.

      Definition of done

      • validate MONGODB-OIDC allowed hosts before reusing a cached authenticator
      • apply the same ordering fix to sync and async OIDC auth helpers
      • add regression coverage for cached authenticator reuse with a disallowed host

      Pitfalls

      Ensure that we are not impacting caching logic.

            Assignee:
            Steve Silvester
            Reporter:
            Steve Silvester
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: