- Type: Bug
- Resolution: Unresolved
- Priority: Unknown
- None
- Component/s: Authentication
- None
Summary
The issue was discovered while refactoring the authentication layer of the C# Driver. The problem occurs when Speculative Authentication was used to establish an OIDC-enabled connection and the client then received a Reauthentication request from the server. In the C# Driver we followed the behavior defined by the spec: clean the OIDC credentials cache and perform the regular authentication flow. The problem is that the very first step of the auth flow is to try the Speculative Response from the original Hello response. For a single-step OIDC authentication flow, the original Speculative Response contains a positively completed response (the Done attribute is set to true), so in fact the Driver did nothing to obtain new credentials and authenticate the connection.
Motivation
Who is the affected end user?
OIDC-enabled environments.
How does this affect the end user?
The Reauthentication request will be ignored by the Driver, resulting (probably) in a connection error or an infinite loop, depending on server behavior.
How likely is it that this problem or use case will occur?
Looks like an edge case when Speculative Authentication and Reauthentication are combined.
Is this ticket only for tests?
Nope.
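
The flow described in the Summary, as an added example that is not part of the ticket and is not code from any driver. It is a simplified model: `FakeServer`, `Connection`, `run` and the `discard_speculative` switch are hypothetical names, the token values are constructed, and discarding the stored speculative reply is an assumed mitigation that the ticket does not specify.

```python
"""Simplified model of the ticket's flow; all names are hypothetical."""

class FakeServer:
    def __init__(self):
        self.sasl_commands = 0      # real auth commands received after hello
        self.session_valid = False

    def hello(self, token):
        # Single-step OIDC: the speculative reply is already complete.
        self.session_valid = True
        return {"done": True}

    def sasl_start(self, token):
        self.sasl_commands += 1
        self.session_valid = True
        return {"done": True}

class Connection:
    def __init__(self, server):
        self.server = server
        self.cached_token = "token-0"   # constructed sample credential
        self.token_fetches = 0
        self.speculative_reply = None

    def _token(self):
        if self.cached_token is None:   # cache miss: obtain new credentials
            self.token_fetches += 1
            self.cached_token = f"token-{self.token_fetches}"
        return self.cached_token

    def handshake(self):
        self.speculative_reply = self.server.hello(self._token())
        self.authenticate()

    def authenticate(self):
        # First step of the regular flow: try the speculative reply from hello.
        if self.speculative_reply and self.speculative_reply["done"]:
            return
        self.server.sasl_start(self._token())

    def reauthenticate(self, discard_speculative):
        self.cached_token = None        # clean the OIDC credentials cache
        if discard_speculative:         # assumed mitigation, not from the ticket
            self.speculative_reply = None
        self.authenticate()

def run(discard_speculative):
    server = FakeServer()
    conn = Connection(server)
    conn.handshake()
    server.session_valid = False        # server asks for reauthentication
    conn.reauthenticate(discard_speculative)
    return server.sasl_commands, conn.token_fetches, server.session_valid
```

`run(False)` reproduces the reported behavior: no new credentials are fetched and no authentication command reaches the server, so the session stays invalid. `run(True)` shows the same connection completing a real reauthentication once the stale reply is out of the way.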
- split to
  - NODE-6340 Clarify Reauthentication and Speculative Authentication combination behavior (Backlog)
  - RUBY-3536 Clarify Reauthentication and Speculative Authentication combination behavior (Backlog)
  - CDRIVER-5674 Clarify Reauthentication and Speculative Authentication combination behavior (Backlog)
  - CXX-3090 Clarify Reauthentication and Speculative Authentication combination behavior (Backlog)
  - GODRIVER-3308 Clarify Reauthentication and Speculative Authentication combination behavior (Backlog)
  - RUST-2020 Clarify Reauthentication and Speculative Authentication combination behavior (Backlog)
  - PHPLIB-1498 Clarify Reauthentication and Speculative Authentication combination behavior (Backlog)
  - CSHARP-5239 Clarify Reauthentication and Speculative Authentication combination behavior (Blocked)
  - MOTOR-1357 Clarify Reauthentication and Speculative Authentication combination behavior (Closed)
  - PYTHON-4672 Clarify Reauthentication and Speculative Authentication combination behavior (Closed)
  - JAVA-5577 Clarify Reauthentication and Speculative Authentication combination behavior (Closed)