Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 7.0.0-rc0
Affects Version/s: None
Component/s: None
Labels:
None

Backwards Compatibility:
Major Change
Sprint:
Security 2023-04-03, Security 2023-04-17
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

~~SERVER-74735~~ must incidentally implement OAuth2 Authorization Server metadata discovery. We can re-use that mechanism to discover the JWKS endpoint, which we require in order to acquire the issuer's public token signing keys. Instead of requiring our administrator to populate the JWKS endpoint in our configuration, we should use metadata discovery to acquire the JWKS endpoint ourselves. Polling the endpoint will require network connectivity anyway, so this doesn't make us more brittle, and reduces configuration.

has to be done after

SERVER-74735 Advertise Identity Provider Issuer in OIDC SASL flows

Closed

is depended on by

COMPASS-6710 Investigate changes in SERVER-75121: Remove JWKS URI from server OIDC configuration

Closed

Assignee:: Spencer Jackson
Reporter:: Spencer Jackson
Participants:: Githook User, Spencer Jackson
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Mar 22 2023 02:40:43 AM UTC
Updated:: Oct 29 2023 09:24:30 PM UTC
Resolved:: Apr 07 2023 09:31:17 PM UTC
Confidence Status Last Update:: 01/Apr/23 4:57 PM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates