Won't Do
Details
Assignee: Unassigned
Reporter: radoslaw.szulgo
Needs QA: Yes
Needs Doc: No
Created February 14, 2025 at 2:18 PM
Updated April 8, 2025 at 12:21 PM
Resolved April 8, 2025 at 12:21 PM
User Story
As a user,
I want to use OIDC refresh tokens to extend my authentication session,
So that I don’t have to log in frequently while maintaining security.
Problem Description
Users are forced to re-authenticate frequently, causing usability issues, especially for long-running database sessions.
Acceptance Criteria
The server can request and use OIDC refresh tokens when available.
Sessions remain valid as long as the refresh token is valid.
Expired or revoked refresh tokens result in session termination.
Design / Solution Proposal
Implement a mechanism to request new access tokens using refresh tokens.
Note from MongoDB documentation:
Requested scopes (Optional): Tokens that give users permission to request data from the authorization endpoint. If you plan to support refresh tokens, this field must include the value offline_access. If your identity provider is Microsoft Entra ID, Atlas requires this setting. Add default scope, which is <application client id>/.default. For each additional scope you want to add, click Add more scopes.
Store refresh tokens securely in memory for active sessions.
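Illustration of the proposal and acceptance criteria above, added here as an example and not taken from the ticket or the server code base: a session that renews its access token with the OAuth 2.0 refresh_token grant and terminates when the identity provider answers invalid_grant. FakeIdP, Session, the token values, the client id, the 30-second skew and the refresh-token rotation are all constructed assumptions; a real deployment would POST the same form body to the provider's token endpoint over TLS.

```python
from urllib.parse import urlencode, parse_qs

SKEW_SECONDS = 30  # refresh slightly before the access token expires

class FakeIdP:
    """Constructed in-process stand-in for an IdP token endpoint."""
    def __init__(self):
        self.valid_refresh_tokens = {"rt-1"}  # constructed sample value
        self.counter = 1

    def token_endpoint(self, body):
        form = {k: v[0] for k, v in parse_qs(body).items()}
        if form.get("grant_type") != "refresh_token":
            return 400, {"error": "unsupported_grant_type"}
        rt = form.get("refresh_token")
        if rt not in self.valid_refresh_tokens:
            return 400, {"error": "invalid_grant"}  # expired or revoked
        self.valid_refresh_tokens.discard(rt)  # rotation: old token is single-use
        self.counter += 1
        new_rt = f"rt-{self.counter}"
        self.valid_refresh_tokens.add(new_rt)
        return 200, {"access_token": f"at-{self.counter}", "expires_in": 300,
                     "refresh_token": new_rt}

class Session:
    def __init__(self, idp, access_token, refresh_token, expires_at):
        self.idp, self.access_token = idp, access_token
        self._refresh_token = refresh_token  # held in memory only, never logged
        self.expires_at, self.active = expires_at, True

    def terminate(self):
        self.active = False
        self.access_token = self._refresh_token = None  # drop secrets at once

    def ensure_valid(self, now):
        """Return True if the session may continue at time `now` (seconds)."""
        if not self.active:
            return False
        if now < self.expires_at - SKEW_SECONDS:
            return True
        status, resp = self.idp.token_endpoint(urlencode({
            "grant_type": "refresh_token",
            "refresh_token": self._refresh_token,
            "client_id": "example-client"}))  # constructed client id
        if status != 200:  # invalid_grant and any other failure end the session
            self.terminate()
            return False
        self.access_token = resp["access_token"]
        self.expires_at = now + resp["expires_in"]
        self._refresh_token = resp.get("refresh_token", self._refresh_token)
        return True
```

In this sketch a revoked refresh token is only noticed at the next refresh attempt, so the session can outlive the revocation by up to one access-token lifetime.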