[DOCS-16019] Investigate changes in SERVER-75121: Remove JWKS URI from server OIDC configuration Created: 07/Apr/23  Updated: 13/Nov/23  Resolved: 01/Aug/23

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: 7.0.0-rc0, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113

Type: Task Priority: Major - P3
Reporter: Backlog - Core Eng Program Management Team Assignee: Jocelyn Mendez
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-75121 Remove JWKS URI from server OIDC conf... Closed
Participants:
Days since reply: 27 weeks, 1 day ago

 Description   
Original Downstream Change Summary

This change removes the JWKSUri from OIDC configuration and saslStart responses. The JWKSUri is discovered from a metadata endpoint which can be constructed from the issuer URI, which is already defined in the configuration.

Description of Linked Ticket

SERVER-74735 must incidentally implement OAuth2 Authorization Server metadata discovery. We can re-use that mechanism to discover the JWKS endpoint, which we require in order to acquire the issuer's public token signing keys. Instead of requiring our administrator to populate the JWKS endpoint in our configuration, we should use metadata discovery to acquire the JWKS endpoint ourselves. Polling the endpoint will require network connectivity anyway, so this doesn't make us more brittle, and reduces configuration.



 Comments   
Comment by Jocelyn Mendez [ 01/Aug/23 ]

Thank you anna.henningsen@mongodb.com!

Comment by Anna Henningsen [ 01/Aug/23 ]

jocelyn.mendez@mongodb.com Yes, you can go ahead and close this

Comment by Jocelyn Mendez [ 31/Jul/23 ]

Hi anna.henningsen@mongodb.com, I wanted to confirm if this was addressed in the following comment: https://github.com/10gen/docs-mongodb-internal/pull/3319#discussion_r1229987413 ? If so, I can go ahead and close this ticket

Generated at Thu Feb 08 08:14:24 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.