[SERVER-68053] Launch browser and web server to retrieve ID token in shell Created: 14/Jul/22  Updated: 05/Dec/22  Resolved: 05/Aug/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Varun Ravichandran Assignee: Backlog - Security Team
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
clones SERVER-67654 Implement authorization code token ac... Closed
Assigned Teams:
Server Security
Participants:

 Description   

If oidcIdToken is not specified on the shell but SASL mechanism negotiation for a given user ends in OIDC, then the server will provide the authURL, clientId, and clientSecret in its saslStart reply. The shell should parse the server reply and launch a browser on the local machine pointing to the authURL. It should then launch an HTTP server listening at http://localhost:8080/authorization-code/callback that can handle GET requests with the authorization code provided as a query parameter. The server can be shut down as soon as it retrieves the authorization code from the reply.

More details to come...
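A sketch of the one-shot callback listener this description calls for, written here as an added Python example and not taken from the MongoDB shell. The function names, the optional `state` check, the `ready` hook and the timeout values are assumptions; the port and path are the ones in the ticket.

```python
import http.server
import time
import urllib.parse

CALLBACK_PATH = "/authorization-code/callback"  # path named in the ticket


def extract_code(request_target, expected_state=None):
    """Return the authorization code from a callback request line, else None."""
    parts = urllib.parse.urlsplit(request_target)
    if parts.path != CALLBACK_PATH:
        return None
    query = urllib.parse.parse_qs(parts.query)
    codes = query.get("code", [])
    if len(codes) != 1:  # missing or repeated parameter: refuse to guess
        return None
    # Assumption: the ticket does not mention `state`; enforced only if given.
    if expected_state is not None and query.get("state") != [expected_state]:
        return None
    return codes[0]


def wait_for_code(port=8080, expected_state=None, timeout=120, ready=None):
    """Listen on loopback until one valid callback arrives or timeout expires."""
    result = {}

    class Handler(http.server.BaseHTTPRequestHandler):
        timeout = 5  # drop clients that connect but never send a request

        def do_GET(self):
            code = extract_code(self.path, expected_state)
            if code is None:
                self.send_error(400, "Invalid callback")
                return
            result["code"] = code
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.end_headers()
            self.wfile.write(b"Authentication complete; close this tab.\n")

        def log_message(self, *args):  # the default logger would print the code
            pass

    # 127.0.0.1 rather than "" so other hosts cannot reach the listener.
    with http.server.HTTPServer(("127.0.0.1", port), Handler) as server:
        server.timeout = 1  # seconds per handle_request() poll
        if ready is not None:
            ready(server.server_address[1])  # hypothetical hook: bound port
        deadline = time.monotonic() + timeout
        while "code" not in result and time.monotonic() < deadline:
            server.handle_request()
    return result.get("code")  # listener is closed by the time we return
```

Opening the browser from the `ready` callback ensures the listener is already bound before the identity provider can redirect to it.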

