[SERVER-68054] Exchange authorization code for ID token and complete SaslOIDCClientConversation framework - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major - P3
Resolution: Duplicate
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Security

Description

After the web server is able to retrieve authorization codes, the shell should launch a HttpClient that connects to the authURL's token endpoint and includes the clientId, clientSecret, and authorization code in the GET request's parameters. Upon retrieving the token in response, the SaslOIDCClientConversation should provide this token as the second step of SASL with the server and handle the response as either authentication success or failure.

For now, we will not write a test to fully validate this flow, but we can assume that this works if we can authenticate using Okta as an IdP with MFA from the shell to the server in a live demo.

Attachments

Issue Links

clones

SERVER-67654 Implement authorization code token acquisition flow in the mongo shell

Closed

Activity

People

Assignee:: Backlog - Security Team

Reporter:: Varun Ravichandran

Participants:: Backlog - Security Team, Varun Ravichandran

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: Jul 14 2022 03:00:13 PM UTC

Updated:: Dec 05 2022 11:56:39 PM UTC

Resolved:: Aug 05 2022 04:59:45 PM UTC