[SERVER-68053] Launch browser and web server to retrieve ID token in shell

| Created: | 14/Jul/22 | Updated: | 05/Dec/22 | Resolved: | 05/Aug/22 |
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task |
| Priority: | Major - P3 |
| Reporter: | Varun Ravichandran |
| Assignee: | Backlog - Security Team |
| Resolution: | Duplicate |
| Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | None |
| Assigned Teams: | Server Security |
| Participants: | None |

| Description |
If oidcIdToken is not specified on the shell but SASL mechanism negotiation for a given user ends in OIDC, then the server will provide the authURL, clientId, and clientSecret in its saslStart reply. The shell should parse the server reply and launch a browser on the local machine pointing to the authURL. It should then launch an HTTP server listening at http://localhost:8080/authorization-code/callback that can handle GET requests with the authorization code provided as a query parameter. The server can be shut down as soon as it retrieves the authorization code from the reply. More details to come...