Core Server / SERVER-68054

Exchange authorization code for ID token and complete SaslOIDCClientConversation framework


Details

    • Task
    • Status: Closed
    • Major - P3
    • Resolution: Duplicate
    • Security

    Description

      After the web server is able to retrieve authorization codes, the shell should launch an HttpClient that connects to the authURL's token endpoint and includes the clientId, clientSecret, and authorization code in the GET request's parameters. Upon retrieving the token in response, the SaslOIDCClientConversation should provide this token as the second step of SASL with the server and handle the response as either authentication success or failure.

      For now, we will not write a test to fully validate this flow, but we can assume that this works if we can authenticate using Okta as an IdP with MFA from the shell to the server in a live demo.
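The code-for-token exchange described above, sketched as an added example that is not MongoDB's code or part of the ticket. It sends the parameters in a POST form body, which RFC 6749 section 3.2 requires for token requests, so the client secret and authorization code stay out of URLs and access logs. The function names, the error class and the sample responses are assumptions made for illustration.

```python
import json
from urllib.parse import urlencode, urlsplit


class TokenExchangeError(Exception):
    """Raised when the token endpoint response cannot be used for authentication."""


def build_token_request(token_endpoint, client_id, client_secret, code, redirect_uri):
    """Return (method, url, headers, body) for the authorization-code exchange."""
    if urlsplit(token_endpoint).scheme != "https":
        raise TokenExchangeError("token endpoint must use https")
    # grant_type and redirect_uri come from RFC 6749 section 4.1.3, not from the ticket.
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    })
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    return "POST", token_endpoint, headers, body.encode("ascii")


def extract_id_token(status, body):
    """Return the ID token from a token response, or raise TokenExchangeError."""
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise TokenExchangeError("token response is not JSON") from exc
    if not isinstance(doc, dict):
        raise TokenExchangeError("token response is not a JSON object")
    if status != 200 or "error" in doc:
        # RFC 6749 section 5.2 error body; never echo the request parameters.
        raise TokenExchangeError("token endpoint refused: %s" % doc.get("error", status))
    token = doc.get("id_token")
    if not isinstance(token, str) or len(token.split(".")) != 3:
        raise TokenExchangeError("response carries no well-formed id_token")
    return token


# Constructed sample values, not taken from the ticket.
SAMPLE_OK = b'{"token_type":"Bearer","expires_in":3600,"id_token":"aGVhZGVy.cGF5bG9hZA.c2ln"}'
SAMPLE_ERR = b'{"error":"invalid_grant","error_description":"code expired"}'
```

The three-segment test is only a shape check on the JWT; signature and claim validation are left to the party that verifies the token.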

            People

              backlog-server-security Backlog - Security Team
              varun.ravichandran@mongodb.com Varun Ravichandran