Details
-
Task
-
Resolution: Unresolved
-
Major - P3
-
Server Security
-
v7.3
-
Security 2024-01-08, Security 2024-01-22
Description
Some IdPs can't issue JWT-formatted access tokens and must issue opaque blobs instead. Clients of these authorization servers must acquire an id_token to forward to MongoDB Server. We should advertise metadata about these IdPs so that clients will know that we want the id_token, not the access token. This metadata is only relevant for workforce identity flows. This metadata should default to requesting access tokens.