  1. Core Server
  2. SERVER-75122

Remove Client Secrets from configuration and saslStart

Details

    • Task
    • Resolution: Fixed
    • Major - P3
    • 7.0.0-rc0
    • Minor Change
    • Security 2023-04-03

    Description

      We should not accept a Client Secret in our OAuth2 configuration. We are a public client, so we should not allow the Authorization Server to allocate a secret and potentially believe we are a confidential client.

          People

            spencer.jackson@mongodb.com Spencer Jackson