[SERVER-81631] Make authorizationClaim OIDC IdP configuration field optional Created: 02/Oct/23  Updated: 12/Dec/23  Resolved: 09/Nov/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.3.0-rc0, 7.2.0-rc2, 7.0.5

Type: Task Priority: Major - P3
Reporter: Varun Ravichandran Assignee: Varun Ravichandran
Resolution: Fixed Votes: 0
Labels: pm-3513
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Documented
is documented by DOCS-16487 Investigate changes in SERVER-81631: ... Closed
Backwards Compatibility: Fully Compatible
Backport Requested:
v7.2, v7.0
Sprint: Security 2023-10-16, Security 2023-10-30, Security 2023-11-13
Participants:

Description

Today, the authorizationClaim field of the OIDC IdP configuration is mandatory, and the server expects this claim to exist in all access tokens that are presented to it for authentication. It is used to determine the direct set of groups that the user is a member of, which are then mapped to MongoDB roles.

This ticket will introduce a new IdP configuration field called useAuthorizationClaim that is defaulted to true. When it is toggled to false, authorizationClaim will be optional and the server will instead authorize the user via a user document if it is not specified.

