<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 06:08:44 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-67664] Validate parsed ID tokens</title>
                <link>https://jira.mongodb.org/browse/SERVER-67664</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;After compactly-serialized ID tokens have been parsed into structs representing the header and the payload, they need to be validated in order to determine whether or not authentication can proceed. This will involve the following steps:&lt;/p&gt;
&lt;ol&gt;
	&lt;li&gt;Split the compact serialization into 2 components: the message (&lt;tt&gt;Base64URLEncoded(Header).Base64URLEncoded(Payload)&lt;/tt&gt;) and the signature (&lt;tt&gt;Base64URLEncoded(Signature)&lt;/tt&gt;).&lt;/li&gt;
	&lt;li&gt;Check that the header&apos;s &lt;tt&gt;typ&lt;/tt&gt; is JWT and &lt;tt&gt;alg&lt;/tt&gt; is RS256.&lt;/li&gt;
	&lt;li&gt;Base64URLDecode the signature.&lt;/li&gt;
	&lt;li&gt;Retrieve the keyId from the &lt;tt&gt;JWTHeader&lt;/tt&gt; and then retrieve the corresponding &lt;tt&gt;RsaPublicKey&lt;/tt&gt; from the &lt;tt&gt;AsymmetricKeyManager&lt;/tt&gt;.&lt;/li&gt;
	&lt;li&gt;Construct an instance of the &lt;tt&gt;AsymmetricKeySignatureVerifier&lt;/tt&gt; using the &lt;tt&gt;RsaPublicKey&lt;/tt&gt; and then verify the signature by passing in the message, signature, and SHA-256 as the requested message digest.&lt;/li&gt;
	&lt;li&gt;If the signature verifies, then check that the claims in the &lt;tt&gt;JWTPayload&lt;/tt&gt; include an &lt;tt&gt;iss&lt;/tt&gt; matching the &lt;tt&gt;idpIdentifier&lt;/tt&gt; server parameter, an &lt;tt&gt;aud&lt;/tt&gt; matching the &lt;tt&gt;clientId&lt;/tt&gt; server parameter, and an &lt;tt&gt;exp&lt;/tt&gt; set in the future.&lt;/li&gt;
	&lt;li&gt;If all of these checks pass, add and authorize the user to the Client&apos;s &lt;tt&gt;AuthorizationSession&lt;/tt&gt; and return an OK status so that SASL can complete with successful authentication.&lt;/li&gt;
&lt;/ol&gt;


&lt;p&gt;A unit test should be written that asserts the validator&apos;s ability to correctly distinguish between properly signed JWTs with valid claims, improperly signed JWTs, and properly signed JWTs with invalid claims.&lt;/p&gt;

&lt;p&gt;More details are available &lt;a href=&quot;https://docs.google.com/document/d/1AoqNMlfhvlNjx9cw1Ltizqji2S09IxowOUABIkoY-0I/edit#heading=h.n30qsen54aak&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;here&lt;/a&gt;.&lt;/p&gt;</description>
                <environment></environment>
        <key id="2079842">SERVER-67664</key>
            <summary>Validate parsed ID tokens</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="sara.golemon@mongodb.com">Sara Golemon</assignee>
                                    <reporter username="varun.ravichandran@mongodb.com">Varun Ravichandran</reporter>
                        <labels>
                    </labels>
                <created>Wed, 29 Jun 2022 19:26:12 +0000</created>
                <updated>Tue, 30 Aug 2022 01:57:59 +0000</updated>
                            <resolved>Tue, 30 Aug 2022 01:57:59 +0000</resolved>
                                                                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                    <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                            <outwardlinks description="depends on">
                                        <issuelink>
            <issuekey id="2079836">SERVER-67663</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2121499">SERVER-69124</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 26 Aug 2022 00:55:56 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        1 year, 32 weeks ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[<s><a href='https://jira.mongodb.org/browse/SERVER-69124'>SERVER-69124</a></s>, <s><a href='https://jira.mongodb.org/browse/SERVER-67663'>SERVER-67663</a></s>]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>PM-2888</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>sara.golemon@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            1 year, 32 weeks ago
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>sara.golemon@mongodb.com</customfieldvalue>
            <customfieldvalue>varun.ravichandran@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i10iun:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i0jda0:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="6256">Security 2022-08-08</customfieldvalue>
    <customfieldvalue id="6257">Security 2022-08-22</customfieldvalue>
    <customfieldvalue id="6258">Security 2022-09-05</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i104zz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>