  1. Core Server
  2. SERVER-81631

Make authorizationClaim OIDC IdP configuration field optional


Details

    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 7.3.0-rc0, 7.2.0-rc2, 7.0.5
    • None
    • None
    • Fully Compatible
    • v7.2, v7.0
    • Security 2023-10-16, Security 2023-10-30, Security 2023-11-13

    Description

      Today, the authorizationClaim field of the OIDC IdP configuration is mandatory, and the server expects this claim to exist in all access tokens that are presented to it for authentication. It is used to determine the direct set of groups that the user is a member of, which are then mapped to MongoDB roles.

      This ticket will introduce a new IdP configuration field called useAuthorizationClaim that is defaulted to true. When it is toggled to false, authorizationClaim will be optional and the server will instead authorize the user via a user document if it is not specified.
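
      A simplified model of the rule this ticket describes, added here as an illustration and not MongoDB server code: it classifies an IdP configuration entry by authorization path and rejects entries the rule disallows. The issuer values, claim names and sample tokens are constructed, and treating a disabled useAuthorizationClaim as always using the user document is an assumption.

```python
# Simplified model of the rule in this ticket; not MongoDB server code.
DEFAULT_USE_AUTHORIZATION_CLAIM = True  # the ticket's stated default


class IdPConfigError(ValueError):
    """The IdP configuration violates the rule described in the ticket."""


def authorization_mode(idp: dict) -> str:
    """Return 'claim' or 'user_document' for one IdP configuration entry."""
    use_claim = idp.get("useAuthorizationClaim", DEFAULT_USE_AUTHORIZATION_CLAIM)
    if not isinstance(use_claim, bool):
        raise IdPConfigError("useAuthorizationClaim must be a boolean")
    if use_claim:
        # Default behaviour: authorizationClaim remains mandatory.
        if not idp.get("authorizationClaim"):
            raise IdPConfigError("authorizationClaim is required unless "
                                 "useAuthorizationClaim is false")
        return "claim"
    # Assumption: with the toggle off the model always uses the user document;
    # the ticket only describes the case where authorizationClaim is omitted.
    return "user_document"


def direct_groups(idp: dict, token_claims: dict):
    """Groups read from the access token, or None when the user document decides."""
    if authorization_mode(idp) == "user_document":
        return None  # token contents do not select roles on this path
    name = idp["authorizationClaim"]
    if name not in token_claims:
        # The server expects the claim in every token presented to it.
        raise PermissionError(f"access token lacks required claim {name!r}")
    value = token_claims[name]
    # Defensive: a lone string is treated as one group, not split into characters.
    return [value] if isinstance(value, str) else list(value)


# Constructed sample data (issuer URLs and claim names are placeholders).
CLAIM_IDP = {"issuer": "https://idp.example/a", "authorizationClaim": "groups"}
USERDOC_IDP = {"issuer": "https://idp.example/b", "useAuthorizationClaim": False}
BROKEN_IDP = {"issuer": "https://idp.example/c"}  # neither field set
TOKEN_WITH_GROUPS = {"sub": "alice", "groups": ["dba", "readers"]}
TOKEN_NO_GROUPS = {"sub": "bob"}
```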

          People

            varun.ravichandran@mongodb.com Varun Ravichandran
            varun.ravichandran@mongodb.com Varun Ravichandran