DOCSP-45739 Adds nonce in Auth Req to OIDC connection settings (#700)

jwilson-mdb · web-flow · commit 7c7e6b1eb6aa · 2025-01-15T09:12:00.000-08:00
* DOCSP-45739 Adds nonce in Auth Req to OIDC connection settings * Responds to feedback
diff --git a/source/connect/advanced-connection-options/authentication-connection.txt b/source/connect/advanced-connection-options/authentication-connection.txt
@@ -133,6 +133,13 @@ Procedure
              settings, |compass-short| uses the same proxy to connect to both 
              the cluster and identity provider.
 
+         * - Send a nonce in the Auth Code Request
+           - Optional. Includes a random nonce as a part of the auth code 
+             request to prevent replay attacks. Enabled by default.
+
+             The nonce is an important security component. Only disable this
+             setting if it is not supported by your OIDC provider.
+
       .. _x509:
 
       X.509
