authorSara Golemon <sara.golemon@mongodb.com>2022-12-20 11:27:42 -0600
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2022-12-31 02:57:14 +0000
commitce05faf698033c9b1544f3d0e7f4eac4e65e2e74 (patch)
tree3c0246ad3f134dd4374749b106134a4226280cbe /src/mongo/crypto
parent3793dc38b7593c34c7d00556358fcd6dbd850a0c (diff)
SERVER-70955 Define OIDC protocol and add infra for feature
Diffstat (limited to 'src/mongo/crypto')
-rw-r--r--src/mongo/crypto/jws_validated_token.cpp9
-rw-r--r--src/mongo/crypto/jws_validated_token.h5
2 files changed, 14 insertions, 0 deletions
diff --git a/src/mongo/crypto/jws_validated_token.cpp b/src/mongo/crypto/jws_validated_token.cpp
index ba5b4fce3c2..962d9d5a9a4 100644
--- a/src/mongo/crypto/jws_validated_token.cpp
+++ b/src/mongo/crypto/jws_validated_token.cpp
@@ -103,4 +103,13 @@ JWSValidatedToken::JWSValidatedToken(const JWKManager& keyMgr, StringData token)
uassertStatusOK(validate(keyMgr));
};
+StatusWith<std::string> JWSValidatedToken::extractIssuerFromCompactSerialization(
+ StringData token) try {
+ auto tokenSplit = parseSignedToken(token);
+ auto payload = fromjson(base64url::decode(tokenSplit.token[1]));
+ return JWT::parse(IDLParserContext{"JWT"}, payload).getIssuer().toString();
+} catch (const DBException& ex) {
+ return ex.toStatus();
+}
+
} // namespace mongo::crypto
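Review bot: `fromjson(base64url::decode(tokenSplit.token[1]))` and `JWT::parse` run on a token whose signature has not been checked, unlike the constructor just above, which calls `uassertStatusOK(validate(keyMgr))`. Everything decoded here is therefore unauthenticated input, and no bound on `token.size()` is visible in this hunk; if callers outside this diff do not already cap the token length, a size check before `parseSignedToken` would keep the pre-validation work bounded. The `token[1]` index also relies on `parseSignedToken` rejecting inputs with fewer than three segments, which is defined outside the hunk and worth confirming. At minimum I would add a comment at the definition: `// Runs before signature validation: 'token' is untrusted here and its size must already be bounded.`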
diff --git a/src/mongo/crypto/jws_validated_token.h b/src/mongo/crypto/jws_validated_token.h
index 61493978763..1f304e37072 100644
--- a/src/mongo/crypto/jws_validated_token.h
+++ b/src/mongo/crypto/jws_validated_token.h
@@ -49,6 +49,11 @@ public:
JWSValidatedToken(const JWKManager& keyMgr, StringData token);
/**
+ * Extract just the Issuer name ('iss') from the token.
+ */
+ static StatusWith<std::string> extractIssuerFromCompactSerialization(StringData token);
+
+ /**
* Validates token is not expired or issued on a later date,
* verifies it has a validator matching its keyId and finally
* it calls validate from the validator, returning the status.
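Review bot: The doc comment on `extractIssuerFromCompactSerialization` does not say that the token's signature is left unchecked, so a reader of the header could take the returned issuer as validated even though this static method takes no `JWKManager`. I would state the contract explicitly, for example `* The token is NOT validated; the returned 'iss' is untrusted until a JWSValidatedToken is constructed from the same token.` followed by `* Returns a non-OK Status if the token cannot be parsed.` Presumably the result is meant only for selecting which issuer's keys to validate against; if so, saying that in the comment would discourage using it for authorization decisions. The class body starts and ends outside the hunk.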