Currently, authorization_endpoint , token_endpoint, device_authorization_endpoint via proxy checked directly via Server. With outbound security groups implemented, Atlas clusters will need to verify these endpoints in some other way.