[SERVER-73495] Allow JWKS refresh to invalidate keys even on failure Created: 31/Jan/23  Updated: 29/Oct/23  Resolved: 02/Mar/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.0.0-rc0

Type: Task Priority: Major - P3
Reporter: Spencer Jackson Assignee: Adrian Gonzalez Montemayor
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Server Security
Backwards Compatibility: Fully Compatible
Sprint: Security 2023-02-20, Security 2023-03-06
Participants:

 Description   

If forced JWKS refresh fails, any cached JWKSes are left active in memory. This preserves availability. However, administrators perform JWKS refresh to recover from IdP private key compromise. It can be important for compromised key material to be distrusted, even if we are unable to obtain fresh, valid, material.

We should introduce a mechanism which lets us flush JWKS even on re-acquisition failure.



 Comments   
Comment by Githook User [ 02/Mar/23 ]

Author:

{'name': 'Adrian Gonzalez', 'email': 'adriangonzalezmontemayor@gmail.com', 'username': 'adriangzz'}

Message: SERVER-73495 Allow JWKS refresh to invalidate keys even on failure
Branch: master
https://github.com/mongodb/mongo/commit/5053b3a61e96650ecee5590145e2f4e01c80b715

Generated at Thu Feb 08 06:24:50 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.