-
Type: Task
-
Resolution: Done
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: OIDC DB Auth
-
None
-
3
-
Iteration Utahraptor
-
Not Needed
Some identity providers (e.g. Ping) do not send OIDC ID tokens as part of the Device Authorization Grant flow (which is not technically an OIDC flow, but an OAuth 2.0 flow).
Since we don't need to pass the ID token to the MongoDB server (right now, at least), we should be able to omit this check.
This requires disabling some of our consistency checks in the case where an ID token is disabled that verify that the token set we received refers to a consistent subject identity.
We should log a warning to the log files when encountering this situation.
Testing this is probably easiest through @mongodb-js/oidc-mock-provider (which we currently only use for integration tests with the MongoDB server, but which could probably be configured easily enough to not send an id_token).
- is depended on by
-
MONGOSH-1707 Release mongosh 2.1.4
- Closed