Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-86603

Ensure that MongoDB Server rejects JWT tokens with multiple audience claims

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Duplicate
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • Server Security
    • v7.3, v7.0

      A OIDC conformant JWT may contain multiple aud claims. Tokens of this form are rare, because the semantics of their claims can be unclear. Because the audience is used to identify authentication principals, we should reject tokens with multiple audiences.

            Assignee:
            backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter:
            spencer.jackson@mongodb.com Spencer Jackson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: