feat(NODE-5464): OIDC machine and callback workflow #3912
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Implements OIDC new machine and human callback workflows.
What is changing?
OIDC_CALLBACK
auth mech property.OIDC_HUMAN_CALLBACK
auth mech property.ENVIRONMENT:test
auth mech property.ENVIRONMENT:azure
auth mech property.ENVIRONMENT:gcp
auth mech property.TokenCache
for all OIDC authentication that sits at the auth provider level.Is there new documentation needed for these changes?
What is the motivation for this change?
mongodb/specifications#1471
mongodb/specifications#1544
mongodb/specifications#1513
Release Highlight
Support for MONGODB-OIDC Authentication
MONGODB-OIDC
is now supported as an authentication mechanism for MongoDB server versions 7.0+. The currently supported facets to authenticate with are callback authentication, human interaction callback authentication, Azure machine authentication, and GCP machine authentication.Azure Machine Authentication
The
MongoClient
must be instantiated withauthMechanism=MONGODB-OIDC
in the URI or in the client options. Additional required auth mechanism properties ofTOKEN_RESOURCE
andENVIRONMENT
are required and another optional username can be provided. Example:GCP Machine Authentication
The
MongoClient
must be instantiated withauthMechanism=MONGODB-OIDC
in the URI or in the client options. Additional required auth mechanism properties ofTOKEN_RESOURCE
andENVIRONMENT
are required. Example:Callback Authentication
The user can provide a custom callback to the
MongoClient
that returns a valid response with an access token. The callback is provided as an auth mechanism property an has the signature of:For callbacks that require human interaction, set the callback to the
OIDC_HUMAN_CALLBACK
property:Double check the following
npm run check:lint
scripttype(NODE-xxxx)[!]: description
feat(NODE-1234)!: rewriting everything in coffeescript