Ensure that MongoDB Server rejects JWT tokens with multiple audience claims


    • Type: Task
    • Resolution: Duplicate
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: None
    • Server Security
    • v7.3, v7.0
    • 3

      An OIDC-conformant JWT may contain multiple aud claims. Tokens of this form are rare, because the semantics of their claims can be unclear. Because the audience is used to identify authentication principals, we should reject tokens with multiple audiences.

              Assignee:
              [DO NOT USE] Backlog - Security Team
              Reporter:
              Spencer Jackson
              Votes:
              0
              Watchers:
              1

                Created:
                Updated:
                Resolved:
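
One way to enforce the rule described in this issue, shown as an added example in Python; it is not MongoDB Server code. The function names, the audience string `mongodb-server` and the sample tokens are constructed, and signature verification is assumed to happen elsewhere. As an assumption about what "multiple audiences" covers, it rejects both a multi-element `aud` array and a repeated `aud` key in the payload.

```python
import base64
import json


class AudienceError(ValueError):
    """Raised when a token's aud claim is missing, ambiguous, or unexpected."""


def _reject_duplicate_keys(pairs):
    # json.loads silently keeps the last duplicate key; refuse the token instead.
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise AudienceError("duplicate claim name in JWT payload")
    return dict(pairs)


def decode_payload(token):
    """Return the claims of a compact JWT. The signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise AudienceError("not a compact JWS")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded),
                        object_pairs_hook=_reject_duplicate_keys)
    if not isinstance(claims, dict):
        raise AudienceError("payload is not a JSON object")
    return claims


def single_audience(claims, expected):
    """Return the sole audience; raise if it is absent, plural, or unexpected."""
    aud = claims.get("aud")
    if isinstance(aud, str):          # RFC 7519 allows a bare string ...
        values = [aud]
    elif isinstance(aud, list) and all(isinstance(a, str) for a in aud):
        values = aud                  # ... or an array of strings
    else:
        raise AudienceError("aud missing or malformed")
    if len(values) != 1:
        raise AudienceError(f"expected exactly one audience, got {len(values)}")
    if values[0] != expected:
        raise AudienceError("audience mismatch")
    return values[0]


def make_token(payload_json):
    # Constructed sample token: placeholder header and signature, for testing only.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([enc(b'{"alg":"RS256"}'), enc(payload_json.encode()), "sig"])
```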