<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 06:08:42 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-67654] Implement authorization code token acquisition flow in the mongo shell</title>
                <link>https://jira.mongodb.org/browse/SERVER-67654</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;After &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-67625&quot; title=&quot;Negotiate OIDC SASL Mechanism (Server)&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-67625&quot;&gt;&lt;del&gt;SERVER-67625&lt;/del&gt;&lt;/a&gt;, the server now can recognize the OIDC SASL mechanism when &lt;tt&gt;featureFlagOIDCSpike&lt;/tt&gt; is enabled and has the ability to provide the client with the requisite &lt;tt&gt;authURL&lt;/tt&gt;, &lt;tt&gt;clientId,&lt;/tt&gt; and &lt;tt&gt;clientSecret&lt;/tt&gt; needed to retrieve the authorization code and then the ID token. Additionally, the server is now capable of parsing and validating ID tokens presented to it as compactly serialized JWSes.&#160;&lt;/p&gt;

&lt;p&gt;In order to validate the server&apos;s ability to participate in OIDC authentication flows, we can model the client application-side authorization code flow in the mongo shell. This will allow an end user to authenticate to a standalone mongod deployment using an external identity provider (in this case, MongoDB&apos;s Okta authorization server).&lt;/p&gt;

&lt;p&gt;This ticket will require the following components:&lt;/p&gt;
&lt;ol&gt;
	&lt;li&gt;Create a new &lt;tt&gt;SaslOIDCClientConversation&lt;/tt&gt; class that extends from &lt;tt&gt;SaslClientConversation&lt;/tt&gt;. In its first step, it should simply send the username to the server. Refer to the implementation of &lt;tt&gt;SaslOIDCServerConversation&lt;/tt&gt; for the exact format that this should be sent in.&lt;/li&gt;
	&lt;li&gt;In the second step, it should parse the &lt;tt&gt;idp&lt;/tt&gt;, &lt;tt&gt;clientId&lt;/tt&gt;, and &lt;tt&gt;clientSecret&lt;/tt&gt; from the server. After parsing that information, it should launch a browser pointing to &lt;tt&gt;idp&lt;/tt&gt; + &lt;tt&gt;/oauth2/default/v1/authorize?client_id=&amp;lt;clientId&amp;gt;&amp;amp;response_type=code&amp;amp;scope=openid&amp;amp;state=&amp;lt;randomstring&amp;gt;&amp;amp;redirect_uri=&lt;a href=&quot;http://localhost:47617/authorize/callback&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://localhost:47617/authorize/callback&lt;/a&gt;&lt;/tt&gt; using the &lt;tt&gt;system&lt;/tt&gt; syscall (this should work on Unix systems, and the shell will be running on OS X for demo purposes). Then, it should launch an HTTP server listening on all local interfaces at port 47617.&lt;/li&gt;
	&lt;li&gt;In order to build the HTTP server, vendor the boost::beast library. To vendor the library into the server codebase, modify &lt;a href=&quot;https://github.com/10gen/mongo/blob/master/src/third_party/scripts/boost_get_sources.sh#L46&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;this line&lt;/a&gt; such that it only contains &lt;tt&gt;beast&lt;/tt&gt; and then run the script.&lt;/li&gt;
	&lt;li&gt;Use &lt;a href=&quot;https://www.boost.org/doc/libs/master/libs/beast/example/http/server/small/http_server_small.cpp&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;this example&lt;/a&gt; to help build the HTTP server with beast. It should only service GET requests at the &lt;tt&gt;/authorize/callback&lt;/tt&gt; endpoint. In the &lt;tt&gt;/authorize/code&lt;/tt&gt; endpoint, it should look for a parameter called &lt;tt&gt;code&lt;/tt&gt; in the request. That parameter will store the authorization code after the end user performs successful authentication to the IDP via the browser.&lt;/li&gt;
	&lt;li&gt;After retrieving the authorization code, the HTTP server should launch an HTTP client POST request to the IDP&apos;s token endpoint, which will be the &lt;tt&gt;idp&lt;/tt&gt; + &lt;tt&gt;/oauth2/v1/token?redirect_uri=&lt;a href=&quot;http://localhost:47617/authorize/token&amp;amp;grant_type=authorization_code&amp;amp;code=&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://localhost:47617/authorize/token&amp;amp;grant_type=authorization_code&amp;amp;code=&lt;/a&gt;&amp;lt;code&amp;gt;&lt;/tt&gt;. The POST request&apos;s header will have &lt;tt&gt;accept: application/json&lt;/tt&gt;, &lt;tt&gt;authorization: &amp;lt;B64(client_id:client_secret)&amp;gt;&lt;/tt&gt;, and &lt;tt&gt;content-type: application/x-www-form-urlencoded&lt;/tt&gt; as parameters. The HTTP server will then parse the &lt;tt&gt;id_token&lt;/tt&gt; field in the response in order to get the serialized JWS representation of the ID token and return it to the &lt;tt&gt;SaslOIDCClientConversation&lt;/tt&gt;.&lt;/li&gt;
	&lt;li&gt;The &lt;tt&gt;SaslOIDCClientConversation&lt;/tt&gt;&apos;s second step will then return the serialized token as the payload to be sent to the server and will return true to indicate that the client-side SASL session is now complete.&lt;/li&gt;
&lt;/ol&gt;
</description>
                <environment></environment>
        <key id="2079755">SERVER-67654</key>
            <summary>Implement authorization code token acquisition flow in the mongo shell</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="varun.ravichandran@mongodb.com">Varun Ravichandran</assignee>
                                    <reporter username="varun.ravichandran@mongodb.com">Varun Ravichandran</reporter>
                        <labels>
                    </labels>
                <created>Wed, 29 Jun 2022 18:04:08 +0000</created>
                <updated>Fri, 28 Oct 2022 20:48:31 +0000</updated>
                            <resolved>Fri, 28 Oct 2022 14:34:44 +0000</resolved>
                                                                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                    <issuelinks>
                            <issuelinktype id="10720">
                    <name>Cloners</name>
                                                                <inwardlinks description="is cloned by">
                                        <issuelink>
            <issuekey id="2090266">SERVER-68053</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2090275">SERVER-68054</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="2169865">SERVER-70957</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2169871">SERVER-70958</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>6.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 19 Aug 2022 20:38:34 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        1 year, 32 weeks ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17050" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Downstream Team Attention</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16941"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>PM-2888</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>varun.ravichandran@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            1 year, 32 weeks ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>varun.ravichandran@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i10ibb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i0jcqo:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_22250" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Special Downgrade Instructions Required</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="23343"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="6257">Security 2022-08-22</customfieldvalue>
    <customfieldvalue id="6258">Security 2022-09-05</customfieldvalue>
    <customfieldvalue id="6259">Security 2022-09-19</customfieldvalue>
    <customfieldvalue id="6462">Security 2022-10-03</customfieldvalue>
    <customfieldvalue id="6463">Security 2022-10-17</customfieldvalue>
    <customfieldvalue id="6464">Security 2022-10-31</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i104gn:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>