[SERVER-67663] Parse compactly serialized JSON Web Tokens
Created: 29/Jun/22  Updated: 28/Oct/22  Resolved: 30/Aug/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task
Priority: Major - P3
Reporter: Varun Ravichandran
Assignee: Sara Golemon
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-69124 Refactor JWS Signature validation Closed
is depended on by SERVER-67664 Validate parsed ID tokens Closed
Sprint: Security 2022-07-25, Security 2022-08-08, Security 2022-08-22, Security 2022-09-05
Participants:

 Description   

The ID tokens minted by the Identity Provider will be JSON Web Tokens (JWTs). They will be sent from the IdP back to the shell, which will propagate them to the mongod in a SASL step. In transit, the JWT will be represented in the compact serialization form, which appears as follows:

Base64URLEncoded(Header).Base64URLEncoded(Payload).Base64URLEncoded(Signature)

The server should define IDL types to represent the JWTHeader and JWTPayload that get parsed after decoding the Base64URLEncoded strings. The JWTHeader type is expected to have the typ, alg, and kid fields. The JWTPayload type is expected to have the iss, aud, iat, and exp fields.

A unit test should be written that verifies that valid JWT Compact Serializations are parsed into these structures. The unit test should also validate that required fields are not omitted.

Further details are available here.
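
The parsing and required-field checks described above, sketched in Python as an added example (it is not the server's IDL types or C++ code). Function names and sample values are assumptions; the signature segment is decoded but not verified, since validation is tracked separately in SERVER-69124 and SERVER-67664.

```python
import base64
import json
import re

# Required fields as listed in the ticket description.
REQUIRED_HEADER = ("typ", "alg", "kid")
REQUIRED_PAYLOAD = ("iss", "aud", "iat", "exp")
B64URL = re.compile(r"[A-Za-z0-9_-]+")  # unpadded base64url alphabet, non-empty

class JWTParseError(ValueError):
    """Malformed compact serialization or missing required field."""

def b64url_decode(segment, name):
    # Reject '=' padding, '+' and '/', whitespace, and empty segments.
    if not B64URL.fullmatch(segment) or len(segment) % 4 == 1:
        raise JWTParseError(f"{name}: not unpadded base64url")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_json_segment(segment, name, required):
    raw = b64url_decode(segment, name)
    try:
        obj = json.loads(raw)
    except ValueError as exc:  # invalid UTF-8 or invalid JSON
        raise JWTParseError(f"{name}: not valid JSON") from exc
    if not isinstance(obj, dict):
        raise JWTParseError(f"{name}: not a JSON object")
    missing = [f for f in required if f not in obj]
    if missing:
        raise JWTParseError(f"{name}: missing required field(s) {missing}")
    return obj

def parse_compact_jwt(token):
    """Decode header, payload and signature bytes. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:  # also rejects a token with a trailing '.'
        raise JWTParseError("expected three dot-separated segments")
    header = decode_json_segment(parts[0], "header", REQUIRED_HEADER)
    payload = decode_json_segment(parts[1], "payload", REQUIRED_PAYLOAD)
    return header, payload, b64url_decode(parts[2], "signature")

def build_token(header, payload, signature=b"constructed-signature"):
    """Constructed test input; the signature is placeholder bytes, not a real one."""
    raws = [json.dumps(header).encode(), json.dumps(payload).encode(), signature]
    return ".".join(base64.urlsafe_b64encode(r).rstrip(b"=").decode() for r in raws)

# Constructed sample values (issuer, audience, key id and times are made up).
SAMPLE_HEADER = {"typ": "JWT", "alg": "RS256", "kid": "example-key-1"}
SAMPLE_PAYLOAD = {"iss": "https://idp.example", "aud": "example-aud", "iat": 1656460800, "exp": 1656464400}
SAMPLE_TOKEN = build_token(SAMPLE_HEADER, SAMPLE_PAYLOAD)
```

Because empty segments are rejected, a token with an empty signature segment fails to parse in this sketch.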

