Core Server / SERVER-74735

Advertise Identity Provider Issuer in OIDC SASL flows

    • Type: Improvement
    • Resolution: Fixed
    • Priority: Major - P3
    • 7.0.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Server Security
    • Major Change
    • Security 2023-03-20, Security 2023-04-03

      The server should advertise the "issuer" value that it expects to observe in the iss field of tokens presented to it.

      A MongoDB Application or Driver must use this information to validate "OAuth 2.0 Authorization Server Issuer Identification" information advertised by the IdP.

      To ensure that Drivers aren't relying on the authorization, token, or device authorization endpoints advertised by the server, we should remove them from the server's accepted and advertised configuration.
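
      A sketch of the client-side check described above, added here as an example; it is not MongoDB server or driver code. It assumes the driver has already read the advertised issuer string from the server, and all function names and sample values are constructed. Endpoints come only from the IdP's own metadata, and only after that metadata's issuer matches the advertised one.

```python
from urllib.parse import urlsplit

class IssuerError(ValueError):
    """IdP-supplied data does not match the server-advertised issuer."""

def discovery_url(server_issuer):
    # RFC 8414: an issuer is an https URL with no query or fragment.
    parts = urlsplit(server_issuer)
    if parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
        raise IssuerError("issuer must be an https URL with no query or fragment")
    # OIDC Discovery: drop a trailing "/" before appending the well-known path.
    return server_issuer.rstrip("/") + "/.well-known/openid-configuration"

def endpoints_from_idp(server_issuer, metadata):
    # Exact string comparison: the discovery document must name the same
    # issuer the server advertised before any of its endpoints are used.
    if metadata.get("issuer") != server_issuer:
        raise IssuerError("discovery document issuer differs from advertised issuer")
    wanted = ("authorization_endpoint", "token_endpoint",
              "device_authorization_endpoint")
    return {k: metadata[k] for k in wanted if k in metadata}

def check_authorization_response(server_issuer, metadata, params):
    # RFC 9207: the "iss" parameter of the authorization response must equal
    # the expected issuer; it is mandatory when the IdP advertises support.
    iss = params.get("iss")
    if iss is None:
        if metadata.get("authorization_response_iss_parameter_supported") is True:
            raise IssuerError("IdP advertises iss support but sent no iss")
        return
    if iss != server_issuer:
        raise IssuerError("authorization response came from a different issuer")

# Constructed sample data (hypothetical IdP).
SERVER_ISSUER = "https://idp.example.com/tenant1"
SAMPLE_METADATA = {
    "issuer": "https://idp.example.com/tenant1",
    "authorization_endpoint": "https://idp.example.com/tenant1/authorize",
    "token_endpoint": "https://idp.example.com/tenant1/token",
    "authorization_response_iss_parameter_supported": True,
}

if __name__ == "__main__":
    print(discovery_url(SERVER_ISSUER))
    print(endpoints_from_idp(SERVER_ISSUER, SAMPLE_METADATA))
    check_authorization_response(SERVER_ISSUER, SAMPLE_METADATA,
                                 {"code": "constructed", "iss": SERVER_ISSUER})
```
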

            Assignee:
            spencer.jackson@mongodb.com Spencer Jackson
            Reporter:
            spencer.jackson@mongodb.com Spencer Jackson