<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:15:29 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DOCS-16489] Investigate changes in SERVER-82143: Make clientId OIDC IdP configuration field optional</title>
                <link>https://jira.mongodb.org/browse/DOCS-16489</link>
                <project id="10380" key="DOCS">Documentation</project>
                    <description>    &lt;div class=&quot;panel&quot; style=&quot;background-color: #c2d2c2;border-width: 1px;&quot;&gt;&lt;div class=&quot;panelHeader&quot; style=&quot;border-bottom-width: 1px;background-color: #239eb0;&quot;&gt;&lt;b&gt;Original Downstream Change Summary&lt;/b&gt;&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;    This ticket introduces the supportsHumanFlows configuration field to every element in the oidcIdentityProviders setParameter array. supportsHumanFlows is a boolean flag that defaults to true. If it is set to false, then the clientId configuration field is optional for that identity provider. Subsequently, if a driver runs saslStart for MONGODB-OIDC while providing a principal name, the server&apos;s response may not include a clientId if the matched IdP had supportsHumanFlows set to false.&lt;/p&gt;

&lt;p&gt;In practice, this is expected to only be used for machine flow/workload IdPs. These clients should never be performing authorization code flow or device authorization grant for token acquisition, so setting supportsHumanFlows to false will allow them to elide clientId entirely when it&apos;s not needed.&lt;/p&gt;
&lt;h2&gt;&lt;a name=&quot;DescriptionofLinkedTicket&quot;&gt;&lt;/a&gt;Description of Linked Ticket&lt;/h2&gt;
&lt;p&gt;    Today, the&#160;&lt;tt&gt;clientId&lt;/tt&gt; field of the OIDC IdP configuration is mandatory, and the server fails to start if it is not supplied with one for every configured IdP. It is included in the &lt;tt&gt;saslStart&lt;/tt&gt; reply to Drivers running that command with MONGODB-OIDC as the auth mech. However, Drivers only need this field if the token acquisition flow that they run is a human-based flow such as authorization code flow or device authorization grant. Service accounts authenticating with OIDC may not need to register a &lt;tt&gt;clientId&lt;/tt&gt; with the IdP.&lt;/p&gt;

&lt;p&gt;This ticket will introduce a new IdP configuration field called&#160;&lt;tt&gt;supportsHumanFlows&lt;/tt&gt;&#160;that is defaulted to true. When it is toggled to false,&#160;&lt;tt&gt;clientId&lt;/tt&gt; will be optional and the server will not supply that in the &lt;tt&gt;saslStart&lt;/tt&gt; reply to clients authenticating with MONGODB-OIDC.&lt;/p&gt;
</description>
                <environment></environment>
        <key id="2496928">DOCS-16489</key>
            <summary>Investigate changes in SERVER-82143: Make clientId OIDC IdP configuration field optional</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="4" iconUrl="https://jira.mongodb.org/images/icons/priorities/minor.svg">Minor - P4</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="kenneth.dyer@mongodb.com">Kenneth Dyer</assignee>
                                    <reporter username="backlog-server-pm">Backlog - Core Eng Program Management Team</reporter>
                        <labels>
                            <label>proactive</label>
                    </labels>
                <created>Fri, 10 Nov 2023 16:51:59 +0000</created>
                <updated>Mon, 5 Feb 2024 16:21:36 +0000</updated>
                            <resolved>Tue, 5 Dec 2023 16:00:14 +0000</resolved>
                                                    <fixVersion>7.3.0-rc0</fixVersion>
                    <fixVersion>7.2.0-rc2</fixVersion>
                    <fixVersion>7.0.5</fixVersion>
                    <fixVersion>Server_Docs_[20240205]</fixVersion>
                                    <component>manual</component>
                    <component>Server</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                    <issuelinks>
                            <issuelinktype id="10420">
                    <name>Backports</name>
                                            <outwardlinks description="backported by">
                                        <issuelink>
            <issuekey id="2522343">DOCS-16537</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10320">
                    <name>Documented</name>
                                            <outwardlinks description="documents">
                                        <issuelink>
            <issuekey id="2472960">SERVER-82143</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_14258" key="com.atlassian.jira.plugin.system.customfieldtypes:datepicker">
                        <customfieldname>Baseline start date</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 13 Nov 2023 00:00:00 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 15 Nov 2023 20:53:03 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        12 weeks, 5 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17052" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Downstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>This ticket introduces the supportsHumanFlows configuration field to every element in the oidcIdentityProviders setParameter array. supportsHumanFlows is a boolean flag that defaults to true. If it is set to false, then the clientId configuration field is optional for that identity provider. Subsequently, if a driver runs saslStart for MONGODB-OIDC while providing a principal name, the server&apos;s response may not include a clientId if the matched IdP had supportsHumanFlows set to false.&lt;br/&gt;
&lt;br/&gt;
In practice, this is expected to only be used for machine flow/workload IdPs. These clients should never be performing authorization code flow or device authorization grant for token acquisition, so setting supportsHumanFlows to false will allow them to elide clientId entirely when it&apos;s not needed.</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_14873" key="com.atlassian.jira.plugin.system.customfieldtypes:multiuserpicker">
                        <customfieldname>External Reviewer</customfieldname>
                        <customfieldvalues>
                                    <customfieldvalue><![CDATA[varun.ravichandran@mongodb.com]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>emet.ozar@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            12 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>backlog-server-pm</customfieldvalue>
            <customfieldvalue>kenneth.dyer@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i2zx9j:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i2hqws:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i2zjev:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>