[SERVER-84260] Record whether clients should advertise id_token in IdP metadata
Created: 15/Dec/23
Updated: 01/Feb/24

Status: Investigating
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task
Priority: Major - P3
Reporter: Spencer Jackson
Assignee: Backlog - Security Team
Resolution: Unresolved
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Issue split
Related
Assigned Teams: Server Security
Backport Requested: v7.3
Sprint: Security 2024-01-08, Security 2024-01-22
Participants:

Description

Some IdPs can't issue JWT-formatted access tokens, and must issue opaque blobs. Clients of these authorization servers must acquire an id_token to forward to MongoDB Server. We should advertise metadata about these IdPs, so that clients will know that we want the id_token, not the access token. This metadata is only relevant for workforce identity flows. This metadata should default to requesting access tokens.


Generated at Thu Feb 08 06:54:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.