[SERVER-68054] Exchange authorization code for ID token and complete SaslOIDCClientConversation framework
Created: 14/Jul/22  Updated: 05/Dec/22  Resolved: 05/Aug/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task
Priority: Major - P3
Reporter: Varun Ravichandran
Assignee: Backlog - Security Team
Resolution: Duplicate
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
clones SERVER-67654 Implement authorization code token ac... Closed
Assigned Teams:
Server Security
Participants:

 Description   

After the web server is able to retrieve authorization codes, the shell should launch an HttpClient that connects to the authURL's token endpoint and includes the clientId, clientSecret, and authorization code in the GET request's parameters. Upon retrieving the token in response, the SaslOIDCClientConversation should provide this token as the second step of SASL with the server and handle the response as either authentication success or failure.

For now, we will not write a test to fully validate this flow, but we can assume that this works if we can authenticate using Okta as an IdP with MFA from the shell to the server in a live demo.
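
A sketch of the exchange described above, added here as an illustration; it is not the shell's code or the project's implementation. The function names, endpoint, redirect URI and sample response are hypothetical, and it assumes the parameters travel in a form-encoded POST body (as RFC 6749 section 3.2 requires for token requests) rather than in the query string, so the client secret and code stay out of URLs and access logs.

```python
# Added illustration; function names and sample values are hypothetical.
import base64, json, time
import urllib.parse, urllib.request

class TokenError(Exception):
    """Token endpoint response cannot be used for the SASL step."""

def build_token_request(token_endpoint, client_id, client_secret, code, redirect_uri):
    """Build (without sending) the authorization-code exchange request."""
    form = urllib.parse.urlencode({
        "grant_type": "authorization_code", "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id, "client_secret": client_secret,
    }).encode()
    # Form-encoded POST body: the secret and code never appear in the URL.
    return urllib.request.Request(
        token_endpoint, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def extract_id_token(body, now=None):
    """Return (id_token, claims) from a token response body, or raise TokenError."""
    now = time.time() if now is None else now
    try:
        resp = json.loads(body)
    except ValueError as exc:
        raise TokenError("response is not JSON") from exc
    if not isinstance(resp, dict):
        raise TokenError("response is not a JSON object")
    if "error" in resp:  # RFC 6749 error response, e.g. invalid_grant
        raise TokenError(f"IdP refused the code: {resp['error']}")
    token = resp.get("id_token")
    if not isinstance(token, str) or token.count(".") != 2:
        raise TokenError("id_token missing or not a three-part JWT")
    payload = token.split(".")[1]
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except ValueError as exc:
        raise TokenError("id_token payload is not base64url JSON") from exc
    # Sanity checks only: the signature is NOT verified in this sketch.
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= now:
        raise TokenError("id_token has no usable exp or is expired")
    return token, claims

def _seg(obj):  # base64url-encode a JSON object without padding
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample response; the signature segment is a dummy value.
SAMPLE_RESPONSE = json.dumps({"token_type": "Bearer", "id_token": ".".join([
    _seg({"alg": "RS256"}), _seg({"sub": "user@example.com", "exp": 2000}), "c2ln"])})
```

Rejecting an error body, a malformed token or an expired one before the SASL step turns an IdP-side failure into a clear client error instead of an opaque authentication failure from the server.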

