Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 7.0.0-rc0
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Backwards Compatibility:
Major Change
Sprint:
Security 2023-03-20, Security 2023-04-03
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

The server should advertise the "issuer" value that it expects to observe in the iss field of tokens presented to it.

A MongoDB Application or Driver must use this information to validate "OAuth 2.0 Authorization Server Issuer Identification" information advertised by the IdP.

To ensure that Drivers aren't relying on the authorization, token, or device authorization endpoints advertised by the server, we should remove them from the server accepted and advertised configuration.

has to be done before

SERVER-75121 Remove JWKS URI from server OIDC configuration

Closed

is depended on by

DRIVERS-2415 Implement OIDC SASL mechanism

In Progress

Assignee:: Spencer Jackson
Reporter:: Spencer Jackson
Participants:: Anna Henningsen, Githook User, Spencer Jackson
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Mar 10 2023 12:26:18 AM UTC
Updated:: May 20 2024 09:24:23 PM UTC
Resolved:: Mar 24 2023 07:02:51 PM UTC
Confidence Status Last Update:: 17/Mar/23 5:15 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates