Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Backport Requested:

v8.2, v8.1, v8.0, v7.3, v7.2, v7.0
Sprint:
Security 2024-01-08, Security 2024-01-22
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Some IdPs can't issue JWT formatted access tokens, and must issue opaque blobs. Clients of these authorization servers must acquire an id_token to forward to MongoDB Server. We should advertise metadata about these IdPs, so that clients will know that we want the id_token, not the access token. This metadata is only relevant for workforce identity flows. This metadata should default to requesting access tokens.

Assignee:: [DO NOT USE] Backlog - Security Team
Reporter:: Spencer Jackson
Participants:: [DO NOT USE] Backlog - Security Team, Spencer Jackson
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Dec 15 2023 10:56:00 PM UTC
Updated:: Jul 22 2025 08:44:18 PM UTC

Details

Description

Attachments

Activity

People

Dates