From 898fa7b0169bcaab6af348224e6a695056fd0390 Mon Sep 17 00:00:00 2001 From: Jonathan Wilson Date: Tue, 3 Dec 2024 10:16:32 -0800 Subject: [PATCH 1/2] DOCSP-45739 Adds nonce in Auth Req to OIDC connection settings --- .../authentication-connection.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/source/connect/advanced-connection-options/authentication-connection.txt b/source/connect/advanced-connection-options/authentication-connection.txt index 2326bd9b4..e50c5f9cd 100644 --- a/source/connect/advanced-connection-options/authentication-connection.txt +++ b/source/connect/advanced-connection-options/authentication-connection.txt @@ -133,6 +133,13 @@ Procedure settings, |compass-short| uses the same proxy to connect to both the cluster and identity provider. + * - Send a nonce in the Auth Code Request + - Optional. Includes a random nonce as a part of the auth code + request to prevent replay attacks. Enabled by default. + + The nonce is an important security component. This setting should + only be disabled if it is not supported by your OIDC provider. + .. _x509: X.509 From 40a5b467eb2dd4dbde501112fd19e686e5e6f3ce Mon Sep 17 00:00:00 2001 From: Jonathan Wilson Date: Tue, 3 Dec 2024 16:11:28 -0800 Subject: [PATCH 2/2] Responds to feedback --- .../advanced-connection-options/authentication-connection.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/connect/advanced-connection-options/authentication-connection.txt b/source/connect/advanced-connection-options/authentication-connection.txt index e50c5f9cd..d2ba1cc21 100644 --- a/source/connect/advanced-connection-options/authentication-connection.txt +++ b/source/connect/advanced-connection-options/authentication-connection.txt 
@@ -137,8 +137,8 @@ Procedure - Optional. Includes a random nonce as a part of the auth code request to prevent replay attacks. Enabled by default. - The nonce is an important security component. This setting should - only be disabled if it is not supported by your OIDC provider. + The nonce is an important security component. Only disable this + setting if it is not supported by your OIDC provider. .. _x509:
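Review bot: In the first patch's hunk (the new "Send a nonce in the Auth Code Request" row added after the proxy setting), "to prevent replay attacks" understates what the nonce does and leaves out the step that makes it work: the client generates the random value, the provider echoes it back inside the ID token, and the client rejects any token whose nonce does not match what it sent, which is what ties the token to this particular sign-in and defeats replay or injection of a token minted for another session. Suggest wording the first paragraph as "Includes a random nonce in the authorization request. The returned ID token must contain the same value, which prevents a token from being replayed or injected into another session." The second paragraph's guidance to disable the option only when the provider does not support it is the right rule; consider also saying what disabling it costs (tokens are accepted without this session binding) so the reader understands the risk rather than just the instruction.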
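Review bot: The second patch's hunk only recasts the final sentence into the imperative ("Only disable this setting if ..."), which reads better, but the sentence before it, "The nonce is an important security component", is still the only justification the reader gets and it does not say why. Since this paragraph is the one place the page tells users not to turn the option off, consider replacing that sentence with the concrete reason (the client checks the nonce in the returned ID token against the one it sent) or, if this docs set uses reStructuredText admonitions, wrapping the paragraph in one (for example ".. important::") so the warning stands out from the option description in the table.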