Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-2857

Follow-up MONGODB-OIDC spec and test improvements

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Duplicate
    • Priority: Icon: Minor - P4 Minor - P4
    • None
    • Component/s: Authentication
    • None

      Summary

      There are a number of improvements for the MONGODB-OIDC spec discovered by implementers:

      • The OIDC callback API is overly prescriptive of the values of expiresIn. Drivers devs should be able to pick an idiomatic API as long as it's consistent with the behavior of timeoutMS (CSOT).
      • There is no spec or prose test that asserts that ALLOWED_HOSTS cannot be specified in the connection string.

      Motivation

      Who is the affected end user?

      Drivers devs.

      How does this affect the end user?

      Drivers devs are confused while implementing the MONGODB-OIDC auth mechanism.

      How likely is it that this problem or use case will occur?

      Main path? Edge case?

      If the problem does occur, what are the consequences and how severe are they?

      Minor annoyance at a log message? Performance concern? Outage/unavailability? Failover can't complete?

      Is this issue urgent?

      Does this ticket have a required timeline? What is it?

      Is this ticket required by a downstream team?

      No.

      Is this ticket only for tests?

      No.

      Acceptance Criteria

      • Allow drivers to use idiomatic values for expiresIn in the OIDC callback API.
      • Add a prose test that asserts MONGODB-OIDC auth mechanism property ALLOWED_HOSTS can't be in the connection string.

            Assignee:
            Unassigned Unassigned
            Reporter:
            matt.dale@mongodb.com Matt Dale
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: