  1. Core Server
  2. SERVER-84260

Record whether clients should advertise id_token in IdP metadata

Details

    • Task
    • Resolution: Unresolved
    • Major - P3
    • Server Security
    • v7.3
    • Security 2024-01-08, Security 2024-01-22

    Description

      Some IdPs can't issue JWT-formatted access tokens, and must issue opaque blobs. Clients of these authorization servers must acquire an id_token to forward to MongoDB Server. We should advertise metadata about these IdPs, so that clients will know that we want the id_token, not the access token. This metadata is only relevant for workforce identity flows. This metadata should default to requesting access tokens.
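
One way a client could act on such metadata, as an added example that is not part of the ticket or of MongoDB's code. The metadata key `prefer_id_token`, the function names and the sample tokens are hypothetical and constructed for illustration; the client-side JWT shape check is an added assumption.

```python
import base64
import json

# Hypothetical metadata key; the ticket does not name the field.
PREFER_ID_TOKEN = "prefer_id_token"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_jwt(claims: dict) -> str:
    """Constructed sample token with a dummy signature, for the demo only."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.c2ln"

def looks_like_jwt(token: str) -> bool:
    """Shape check only (three segments, JSON header with 'alg'); no signature validation."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    try:
        header = json.loads(base64.urlsafe_b64decode(parts[0] + "=" * (-len(parts[0]) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False
    return isinstance(header, dict) and "alg" in header

def select_token(idp_metadata: dict, token_response: dict, workforce_flow: bool = True):
    """Return (token_type, token) that the client should forward to the server."""
    # Default is the access token; the id_token is chosen only when the
    # metadata explicitly asks for it and this is a workforce identity flow.
    want_id = workforce_flow and idp_metadata.get(PREFER_ID_TOKEN) is True
    kind = "id_token" if want_id else "access_token"
    token = token_response.get(kind)
    if not token:
        raise ValueError(f"IdP response has no {kind}")
    if not looks_like_jwt(token):
        # Fail closed rather than silently falling back to the other token.
        raise ValueError(f"{kind} is not JWT-formatted")
    return kind, token

# Constructed token endpoint response from an IdP that issues opaque access tokens.
OPAQUE_IDP_RESPONSE = {
    "access_token": "opaque-blob-7f3a91",
    "id_token": make_sample_jwt({"iss": "https://idp.example", "sub": "alice"}),
}

if __name__ == "__main__":
    print(select_token({PREFER_ID_TOKEN: True}, OPAQUE_IDP_RESPONSE)[0])
```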

          People

            backlog-server-security Backlog - Security Team
            spencer.jackson@mongodb.com Spencer Jackson