-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(NODE-5464): OIDC machine and callback workflow #3912
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
durran
force-pushed
the
NODE-5464
branch
3 times, most recently
from
November 8, 2023 19:07
f6422b2
to
5482d70
Compare
durran
force-pushed
the
NODE-5464
branch
3 times, most recently
from
December 21, 2023 14:49
8bc8de0
to
e67a221
Compare
durran
force-pushed
the
NODE-5464
branch
3 times, most recently
from
February 2, 2024 15:56
ea3d2bc
to
88c6eff
Compare
durran
force-pushed
the
NODE-5464
branch
2 times, most recently
from
February 14, 2024 13:31
569255f
to
893a15c
Compare
durran
force-pushed
the
NODE-5464
branch
3 times, most recently
from
February 21, 2024 10:57
4b8ca02
to
5ea2fb3
Compare
durran
force-pushed
the
NODE-5464
branch
11 times, most recently
from
February 28, 2024 20:04
ce7642f
to
0542a48
Compare
durran
changed the title
feat(NODE-5464): OIDC machine workflow
feat(NODE-5464): OIDC machine and callback workflow
Feb 28, 2024
durran
force-pushed
the
NODE-5464
branch
2 times, most recently
from
February 28, 2024 20:36
a40da5a
to
51718d8
Compare
This was referenced Oct 1, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Implements OIDC new machine and human callback workflows.
What is changing?
OIDC_CALLBACK
auth mech property.OIDC_HUMAN_CALLBACK
auth mech property.ENVIRONMENT:test
auth mech property.ENVIRONMENT:azure
auth mech property.ENVIRONMENT:gcp
auth mech property.TokenCache
for all OIDC authentication that sits at the auth provider level.Is there new documentation needed for these changes?
What is the motivation for this change?
mongodb/specifications#1471
mongodb/specifications#1544
mongodb/specifications#1513
Release Highlight
Support for MONGODB-OIDC Authentication
MONGODB-OIDC
is now supported as an authentication mechanism for MongoDB server versions 7.0+. The currently supported facets to authenticate with are callback authentication, human interaction callback authentication, Azure machine authentication, and GCP machine authentication.Azure Machine Authentication
The
MongoClient
must be instantiated withauthMechanism=MONGODB-OIDC
in the URI or in the client options. Additional required auth mechanism properties ofTOKEN_RESOURCE
andENVIRONMENT
are required and another optional username can be provided. Example:GCP Machine Authentication
The
MongoClient
must be instantiated withauthMechanism=MONGODB-OIDC
in the URI or in the client options. Additional required auth mechanism properties ofTOKEN_RESOURCE
andENVIRONMENT
are required. Example:Callback Authentication
The user can provide a custom callback to the
MongoClient
that returns a valid response with an access token. The callback is provided as an auth mechanism property an has the signature of:For callbacks that require human interaction, set the callback to the
OIDC_HUMAN_CALLBACK
property:Double check the following
npm run check:lint
scripttype(NODE-xxxx)[!]: description
feat(NODE-1234)!: rewriting everything in coffeescript