COMPASS-7667

Investigate changes in SERVER-86607: Reject access tokens with multiple audience claims

    • Type: Investigation
    • Resolution: Done
    • Priority: Major - P3
    • No version
    • Affects Version/s: None
    • Component/s: OIDC DB Auth
    • None
    • Developer Tools
    • Not Needed

      Original Downstream Change Summary

      As part of PM-3662, the server will start rejecting OIDC access tokens that contain audience claims where the value is an empty array, or an array of multiple strings. This behavior will be backported to 7.0 & 7.3.

      Description of Linked Ticket

      If a client presents an access token where the "aud" claim is an array containing more than one string, then the server should reject it.
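      A client-side pre-check for the audience rule described above, as an added example that is not code from Compass or the server. The function names, reason strings and sample tokens are constructed for illustration, and accepting a single string or a one-element array (and rejecting a missing "aud") is an assumption the ticket does not state. The check inspects only the payload and performs no signature verification.

```javascript
// Added example: classify the shape of the "aud" claim in a JWT access token.
// All names and sample values here are hypothetical, not from Compass or the server.

function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Builds a constructed token with a placeholder signature, for local testing only.
function makeSampleToken(claims) {
  return [b64url({ alg: 'RS256', typ: 'JWT' }), b64url(claims), 'constructed-signature'].join('.');
}

function decodePayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const payload = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (payload === null || typeof payload !== 'object' || Array.isArray(payload)) {
    throw new Error('payload is not a JSON object');
  }
  return payload;
}

// Returns { ok: true, audience } or { ok: false, reason }.
function checkAudience(token) {
  let payload;
  try {
    payload = decodePayload(token);
  } catch (err) {
    return { ok: false, reason: 'malformed-token' };
  }
  const aud = payload.aud;
  if (aud === undefined) return { ok: false, reason: 'missing-aud' }; // assumption
  if (typeof aud === 'string') return { ok: true, audience: aud };    // assumption
  if (!Array.isArray(aud)) return { ok: false, reason: 'invalid-aud-type' };
  if (aud.length === 0) return { ok: false, reason: 'empty-aud-array' };     // stated in the ticket
  if (aud.length > 1) return { ok: false, reason: 'multiple-audiences' };    // stated in the ticket
  if (typeof aud[0] !== 'string') return { ok: false, reason: 'invalid-aud-type' };
  return { ok: true, audience: aud[0] };                                     // assumption
}
```

      Running this against a token before connecting shows whether an authentication failure after the server change is explained by the token's audience shape rather than by the client.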

            Assignee: Unassigned
            Reporter: backlog-server-pm Backlog - Core Eng Program Management Team
            Votes: 0
            Watchers: 3