-
Type:
Task
-
Resolution: Fixed
-
Priority:
Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
-
Major Change
-
Security 2023-04-03, Security 2023-04-17
SERVER-74735 must incidentally implement OAuth2 Authorization Server metadata discovery. We can re-use that mechanism to discover the JWKS endpoint, which we require in order to acquire the issuer's public token signing keys. Instead of requiring our administrator to populate the JWKS endpoint in our configuration, we should use metadata discovery to acquire the JWKS endpoint ourselves. Polling the endpoint will require network connectivity anyway, so this doesn't make us more brittle, and reduces configuration.
- has to be done after
-
SERVER-74735 Advertise Identity Provider Issuer in OIDC SASL flows
-
- Closed
-
- is depended on by
-
COMPASS-6710 Investigate changes in SERVER-75121: Remove JWKS URI from server OIDC configuration
-
- Closed
-