[SERVER-75121] Remove JWKS URI from server OIDC configuration Created: 22/Mar/23  Updated: 29/Oct/23  Resolved: 07/Apr/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.0.0-rc0

Type: Task
Priority: Major - P3
Reporter: Spencer Jackson
Assignee: Spencer Jackson
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by COMPASS-6710 Investigate changes in SERVER-75121: ... Closed
Documented
is documented by DOCS-16019 Investigate changes in SERVER-75121: ... Closed
Gantt Dependency
has to be done after SERVER-74735 Advertise Identity Provider Issuer in... Closed
Related
Backwards Compatibility: Major Change
Sprint: Security 2023-04-03, Security 2023-04-17
Participants:

 Description   

SERVER-74735 must incidentally implement OAuth2 Authorization Server metadata discovery. We can re-use that mechanism to discover the JWKS endpoint, which we require in order to acquire the issuer's public token signing keys. Instead of requiring our administrator to populate the JWKS endpoint in our configuration, we should use metadata discovery to acquire the JWKS endpoint ourselves. Polling the endpoint will require network connectivity anyway, so this doesn't make us more brittle, and reduces configuration.
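
One way to resolve and validate the JWKS endpoint from discovery metadata, as described above. This is an added example, not part of the ticket or of MongoDB's code. It assumes the OpenID Connect Discovery well-known path; the issuer URL, function names and sample document are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Assumption: OpenID Connect Discovery path appended to the issuer URL.
WELL_KNOWN = "/.well-known/openid-configuration"


class DiscoveryError(ValueError):
    """Raised when a discovery document must not be trusted."""


def _require_https(url, what):
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise DiscoveryError(f"{what} must be an absolute https URL: {url!r}")


def discovery_url(issuer):
    """Build the metadata URL from the issuer the administrator configured."""
    _require_https(issuer, "issuer")
    return issuer.rstrip("/") + WELL_KNOWN


def resolve_jwks_uri(issuer, metadata_json):
    """Return jwks_uri from a fetched discovery document, or raise."""
    try:
        metadata = json.loads(metadata_json)
    except json.JSONDecodeError as exc:
        raise DiscoveryError(f"metadata is not valid JSON: {exc}") from exc
    if not isinstance(metadata, dict):
        raise DiscoveryError("metadata must be a JSON object")
    # The document must describe the issuer we asked about; otherwise a
    # misrouted or spoofed response could substitute its own signing keys.
    if metadata.get("issuer") != issuer:
        raise DiscoveryError("metadata issuer does not match configured issuer")
    jwks_uri = metadata.get("jwks_uri")
    if not isinstance(jwks_uri, str):
        raise DiscoveryError("metadata has no jwks_uri")
    _require_https(jwks_uri, "jwks_uri")
    return jwks_uri


# Constructed sample for a hypothetical issuer; no network access needed.
SAMPLE_ISSUER = "https://idp.example.com/tenant1"
SAMPLE_METADATA = json.dumps(
    {"issuer": SAMPLE_ISSUER, "jwks_uri": SAMPLE_ISSUER + "/keys"})

if __name__ == "__main__":
    print(discovery_url(SAMPLE_ISSUER), resolve_jwks_uri(SAMPLE_ISSUER, SAMPLE_METADATA))
```

With discovery in place, the issuer URL is the only trust anchor left in the configuration, so the issuer match and the https requirement are what keep a substituted document from supplying its own signing keys.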



 Comments   
Comment by Githook User [ 07/Apr/23 ]

Author: Spencer Jackson (spencerjackson) <spencer.jackson@mongodb.com>

Message: SERVER-75121 Remove JWKS URI from OIDC configuration
Branch: master
https://github.com/mongodb/mongo/commit/45c4c96122bed169acf7d7cb0303c0fa600cce04
