docs(NODE-5062): add OIDC callbacks example #698
Conversation
| const config = { | ||
| openBrowser: { | ||
| command: 'open -a "Firefox"', | ||
| }, |
There was a problem hiding this comment.
| }, | |
| }, | |
| allowedFlows: ['auth-code'], |
I’m not sure what the best way to approach this is. In WRITING-14037, the action items for the drivers ticket that this NODE ticket spawns from are:
The plugin itself implements RFC9207 and RFC8414, so that’s not a concern here. Implementation of RFC8707 is something that requires a larger discussion around how that would be implemented.
But the first point, whether Device Auth Flow should be allowed, is one that the plugin doesn’t answer and leaves to clients. Right now, the default in that plugin is to allow both Auth Code Flow and Device Auth Flow, but we’ve decided that that’s not the default we want in Compass or mongosh because of the issues described in that WRITING ticket.
I don’t know if it makes more sense to switch the default in the plugin and then mention elsewhere that Device Auth Flow can also be enabled, or to add comments here (and probably in the OIDC plugin README) about that option being potentially less secure if (left) enabled.
There was a problem hiding this comment.
I do feel like switching the default in the plugin might be a good idea, and then comment here and the plugin README as you mention.
There was a problem hiding this comment.
I did add the suggestion and then a comment to link to the readme in the plugin repo.
There was a problem hiding this comment.
Updated the plugin & merged in mongodb-js/oidc-plugin@28a897d
Pull Request Info
For when OIDC docs will be written, a callback based example.
PR Reviewing Guidelines
JIRA - https://jira.mongodb.org/browse/DOCSP-NNNNN
Staging - https://docs-mongodbcom-staging.corp.mongodb.com/drivers/docsworker-xlarge/NNNNN/
Self-Review Checklist