Add useAuthorizationClaim field info. (#5258)

MongoCaleb · ajhuh-mdb · sarahsimpers · web-flow · commit c99edbaafa70 · 2023-11-16T14:56:17.000-05:00
* Add useAuthorizationClaim * fix formatting and add version * one last formatting tweak * review suggestions * DOCS-16389 query plan cache subdocument (#5217) * DOCS-16389 query plan cache subdocument * * * IF feedback * clarity * nit * move to compatibility * * * wording * wording * (DOCS-16390) You can't specify WT encryption options in createCollection (#5260) * (DOCS-16390) You can't specify WT encryption options in createCollection * Includes change from tech review * DOCS-16363 Document killedDueToMaxTimeMSExpired under serverStatus (#5193) * DOCS-16363 Document killedDueToMaxTimeMSExpired under serverStatus * add to TOC * wording * build error * (DOCSP-34349) Adds release notes and compatibility changes for 7.2 (#5242) * DOCS-16363 Document killedDueToMaxTimeMSExpired under serverStatus (#5193) * DOCS-16363 Document killedDueToMaxTimeMSExpired under serverStatus * add to TOC * wording * build error * Includes PM external review changes * Revert "Includes PM external review changes" This reverts commit 0263ebe646848bf840c75b414815d3daa660e9fc. * Includes changes from PM review * Includes copy review changes --------- Co-authored-by: Alison Huh <112565127+ajhuh-mdb@users.noreply.github.com> * rewording * staging to check formatting * cleaning up the process * formatting foo * more review rewording and table formatting * still trying to get the table format correct... * funwith table formatting... * table formatting... --------- Co-authored-by: Alison Huh <112565127+ajhuh-mdb@users.noreply.github.com> Co-authored-by: Sarah Simpers <82042374+sarahsimpers@users.noreply.github.com>
diff --git a/source/includes/fact-oidc-providers.rst b/source/includes/fact-oidc-providers.rst
@@ -1,6 +1,6 @@
 .. list-table::
   :header-rows: 1
-  :widths: 20 25 35 20
+  :widths: 20 18 42 20
 
   * - Field
 
@@ -86,11 +86,53 @@
 
     - string 
 
+  * - ``useAuthorizationClaim`` 
+
+    - Optional
+
+    - Determines if the ``authorizationClaim`` is required. The default value is 
+      ``true``.
+    
+      If the ``useAuthorizationClaim`` field is set to ``true``, the server requires 
+      an ``authorizationClaim`` for the identity provider's config. This is the 
+      default behavior.
+      
+      If the ``useAuthorizationClaim`` field is set to ``false``, the 
+      ``authorizationClaim`` field is optional (and ignored if provided). 
+      Instead, the server does the following:
+
+      - Searches the token for a claim whose name is listed in the 
+        ``principalNameClaim`` field. This is typically named ``sub``. For 
+        example:
+
+        ``sub: "spencer.jackson@example.com"``
+
+      - Constructs the internal username by concatenating the ``authNamePrefix``, 
+        a forward slash (`/`), and the contents of the claim identified by 
+        ``principalNameClaim`` within the access token. For example, with a 
+        ``authNamePrefix`` field value of "mdbinc", the internal username is:
+
+        ``mdbinc/spencer.jackson@example.com``
+
+      - Looks for the user with this username and authorize the client with the 
+        roles:: 
+
+        .. code-block:: javascript
+        
+           { user: "mdbinc/spencer.jackson@example.com", 
+             db: "$external" }
+        
+      .. versionadded:: 7.2
+
+    - boolean
+
   * - ``authorizationClaim`` 
 
-    - Required 
+    - Conditional 
 
-    - Claim extracted from access token that contains MongoDB role names.
+    - Required, unless ``useAuthorizationClaim`` is set to ``false``.
+    
+      Claim extracted from access token that contains MongoDB role names.
 
     - string  
 
