[OIDC] Use expiration time of ID token if passIdTokenAsAccessToken is set

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 2.5.1
    • Affects Version/s: None
    • Component/s: OIDC DB Auth
    • Environment:
      OS:
      node.js / npm versions:
      Additional info:
    • Iteration Zenith, Iteration A (Apr 21 - May 5)
    • Not Needed
    • Developer Tools

      Problem Statement/Rationale

      If we are using ID tokens for authentication, we should be using the expiration time set in the ID token instead of the time specified in the token set response, since that time refers to the access token's expiration time.

      Steps to Reproduce

      Modify our mock HTTP IdP server to pass different expiration times for the ID token and the access token, then start mongosh running against that IdP.

      Expected Results

      Compass/mongosh stays authenticated after the ID token expires, by refreshing.

      Actual Results

      Compass/mongosh enters a state of passing expired ID tokens to the driver, so authentication fails consistently for any new command.

      This change should be noted in the spec.
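
The expiry selection described above, as an added example that is not the project's own code. All names except `passIdTokenAsAccessToken` are hypothetical, `expires_at` is assumed to be the absolute expiry the client derives from the token response, and the ID token is assumed to have been validated already by the OIDC client library.

```javascript
// Added example. Names other than passIdTokenAsAccessToken are hypothetical.

// Read the claims of a compact JWT without verifying it. Signature and claim
// validation are assumed to have been done already by the OIDC client library.
function decodeJwtClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Expiry (seconds since epoch) of the token that is actually sent to the
// server, or undefined when no expiry is known.
function effectiveExpirySeconds(tokenSet, { passIdTokenAsAccessToken = false } = {}) {
  if (passIdTokenAsAccessToken) {
    const exp = decodeJwtClaims(tokenSet.id_token).exp;
    if (typeof exp !== 'number' || !Number.isFinite(exp)) {
      throw new Error('ID token has no usable exp claim');
    }
    return exp;
  }
  return tokenSet.expires_at; // assumed field: access token expiry from the response
}

// True when the token in use is expired or within skewSeconds of expiring.
function needsRefresh(tokenSet, options, nowSeconds, skewSeconds = 30) {
  const expiry = effectiveExpirySeconds(tokenSet, options);
  return expiry !== undefined && nowSeconds >= expiry - skewSeconds;
}

// Constructed sample: unsigned placeholder JWT; the ID token lives 5 minutes,
// the access token 1 hour.
function makeSampleTokenSet(issuedAt) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  const claims = { sub: 'user', iat: issuedAt, exp: issuedAt + 300 };
  const idToken = [enc({ alg: 'none' }), enc(claims), 'sig'].join('.');
  return { access_token: 'opaque-access-token', id_token: idToken, expires_at: issuedAt + 3600 };
}

const t0 = 1700000000;
const sample = makeSampleTokenSet(t0);
// Ten minutes in: the access token is still valid, the ID token is not.
console.log(needsRefresh(sample, { passIdTokenAsAccessToken: false }, t0 + 600)); // false
console.log(needsRefresh(sample, { passIdTokenAsAccessToken: true }, t0 + 600)); // true
```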

            Assignee:
            Anna Henningsen
            Reporter:
            Anna Henningsen