[SERVER-69565] Support MONGODB-OIDC SASL mechanism in shell with ID token Created: 09/Sep/22 Updated: 05/Dec/22 Resolved: 28/Oct/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Varun Ravichandran | Assignee: | Backlog - Security Team |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Assigned Teams: |
Server Security
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Sprint: | Security 2022-09-19, Security 2022-10-03 | ||||||||
| Participants: | |||||||||
| Description |
|
The OIDC SASL mechanism should be usable in two different ways: either with a username that prompts the server to provide IdP-related information to the client so it can retrieve a token, or directly with a token that allows for immediate authentication. This ticket will address the latter case so that the shell can be provided with a token to directly send to the server when using the OIDC SASL mech. |