[SERVER-75122] Remove Client Secrets from configuration and saslStart Created: 22/Mar/23  Updated: 29/Oct/23  Resolved: 01/Apr/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.0.0-rc0

Type: Task Priority: Major - P3
Reporter: Spencer Jackson Assignee: Spencer Jackson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
Backwards Compatibility: Minor Change
Sprint: Security 2023-04-03
Participants:

 Description   

We should not accept a Client Secret in our OAuth2 configuration. We are a public client, so we should not allow the Authorization Server to allocate a secret and potentially believe we are a confidential client.



 Comments   
Comment by Githook User [ 28/Mar/23 ]

Author:

{'name': 'Spencer Jackson', 'email': 'spencer.jackson@mongodb.com', 'username': 'spencerjackson'}

Message: SERVER-75122 Remove Client Secret
Branch: master
https://github.com/mongodb/mongo/commit/d39c9ce97ba04ccf487619948b6ef1a56c952ebc

Generated at Thu Feb 08 06:29:22 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.