Compass / COMPASS-6710

Investigate changes in SERVER-75121: Remove JWKS URI from server OIDC configuration

    • Type: Investigation
    • Resolution: Done
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: OIDC DB Auth

      Original Downstream Change Summary

      This change removes the JWKSUri from OIDC configuration and saslStart responses. The JWKSUri is discovered from a metadata endpoint which can be constructed from the issuer URI, which is already defined in the configuration.

      Description of Linked Ticket

      SERVER-74735 must incidentally implement OAuth2 Authorization Server metadata discovery. We can re-use that mechanism to discover the JWKS endpoint, which we require in order to acquire the issuer's public token signing keys. Instead of requiring our administrator to populate the JWKS endpoint in our configuration, we should use metadata discovery to acquire the JWKS endpoint ourselves. Polling the endpoint will require network connectivity anyway, so this doesn't make us more brittle, and reduces configuration.
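
The discovery step described in the linked ticket, as an added example that is not MongoDB server or Compass code. It assumes the OpenID Connect Discovery path layout (`/.well-known/openid-configuration` appended to the issuer); the function names and the `idp.example.com` documents are constructed for illustration.

```javascript
'use strict';

// Build the metadata URL from the configured issuer.
// Assumption: OpenID Connect Discovery layout, issuer + well-known suffix.
function metadataUrl(issuer) {
  const u = new URL(issuer);
  if (u.protocol !== 'https:') throw new Error('issuer must use https');
  if (u.search || u.hash) throw new Error('issuer must not carry query or fragment');
  return issuer.replace(/\/+$/, '') + '/.well-known/openid-configuration';
}

// Pull jwks_uri out of a fetched metadata document. Because the key location
// is no longer pinned in configuration, the document is only trusted if it
// names exactly the issuer that was configured.
function jwksUriFromMetadata(configuredIssuer, metadataJson) {
  const meta = JSON.parse(metadataJson);
  if (meta.issuer !== configuredIssuer) throw new Error('issuer mismatch');
  if (typeof meta.jwks_uri !== 'string') throw new Error('metadata has no jwks_uri');
  const jwks = new URL(meta.jwks_uri);
  if (jwks.protocol !== 'https:') throw new Error('jwks_uri must use https');
  return jwks.href;
}

// Constructed sample data (not captured from a real identity provider).
const ISSUER = 'https://idp.example.com/tenant1';
const GOOD_METADATA = JSON.stringify({
  issuer: 'https://idp.example.com/tenant1',
  jwks_uri: 'https://idp.example.com/tenant1/keys',
});
const WRONG_ISSUER_METADATA = JSON.stringify({
  issuer: 'https://idp.example.com/tenant2',
  jwks_uri: 'https://idp.example.com/tenant2/keys',
});

// Returns the rejection reason, or null when the document is accepted.
function rejectionReason(issuer, metadataJson) {
  try {
    jwksUriFromMetadata(issuer, metadataJson);
    return null;
  } catch (err) {
    return err.message;
  }
}

console.log(metadataUrl(ISSUER));
console.log(jwksUriFromMetadata(ISSUER, GOOD_METADATA));
console.log(rejectionReason(ISSUER, WRONG_ISSUER_METADATA));
```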

            Assignee: Unassigned
            Reporter: Backlog - Core Eng Program Management Team (backlog-server-pm)