  1. Core Server
  2. SERVER-81631

Make authorizationClaim OIDC IdP configuration field optional

    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 7.3.0-rc0, 7.2.0-rc2, 7.0.5
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • Fully Compatible
    • v7.2, v7.0
    • Security 2023-10-16, Security 2023-10-30, Security 2023-11-13

      Today, the authorizationClaim field of the OIDC IdP configuration is mandatory, and the server expects this claim to exist in all access tokens that are presented to it for authentication. It is used to determine the direct set of groups that the user is a member of, which are then mapped to MongoDB roles.

      This ticket will introduce a new IdP configuration field called useAuthorizationClaim that is defaulted to true. When it is toggled to false, authorizationClaim will be optional and the server will instead authorize the user via a user document if it is not specified.

            varun.ravichandran@mongodb.com Varun Ravichandran
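The rule described in the ticket, modeled as a small configuration check. This is an added example, not MongoDB server code: only authorizationClaim and useAuthorizationClaim come from the ticket, while the "issuer" field, the use of the "sub" claim as the principal, and all sample values are constructed assumptions.

```python
# Added illustration of the rule in SERVER-81631; not MongoDB server code.
# authorizationClaim / useAuthorizationClaim come from the ticket; "issuer",
# the "sub" principal claim and all sample values are constructed assumptions.

def validate_idp(cfg):
    """Return a list of problems with one IdP configuration entry."""
    use_claim = cfg.get("useAuthorizationClaim", True)  # default is true
    if not isinstance(use_claim, bool):
        return ["useAuthorizationClaim must be a boolean"]
    if use_claim and not cfg.get("authorizationClaim"):
        return ["authorizationClaim is required unless useAuthorizationClaim is false"]
    return []

def authorization_source(cfg, token_claims):
    """Say where privileges come from for an already-verified access token."""
    problems = validate_idp(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    claim = cfg.get("authorizationClaim")
    if cfg.get("useAuthorizationClaim", True):
        groups = token_claims.get(claim)
        if isinstance(groups, str):          # tolerate a single group name
            groups = [groups]
        if not isinstance(groups, list) or not groups \
                or not all(isinstance(g, str) for g in groups):
            return ("reject", None)          # claim must exist in every token
        return ("token_groups", sorted(set(groups)))
    if claim is not None:
        return ("unspecified", None)         # the ticket does not cover this mix
    principal = token_claims.get("sub")
    if not isinstance(principal, str) or not principal:
        return ("reject", None)
    return ("user_document", principal)      # roles come from the user document

CLAIM_IDP = {"issuer": "https://idp.example.test", "authorizationClaim": "groups"}
USERDOC_IDP = {"issuer": "https://idp.example.test", "useAuthorizationClaim": False}
LEGACY_BROKEN = {"issuer": "https://idp.example.test"}  # no claim, default true

if __name__ == "__main__":
    token = {"sub": "alice", "groups": ["dba", "readers"]}
    print(validate_idp(LEGACY_BROKEN))
    print(authorization_source(CLAIM_IDP, token))
    print(authorization_source(CLAIM_IDP, {"sub": "alice"}))
    print(authorization_source(USERDOC_IDP, {"sub": "alice"}))
```

When reviewing a deployment that switches useAuthorizationClaim to false, the user documents become the only place privileges are granted, so they need the same review the IdP group mappings had.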