- Type: Spec Change
- Resolution: Unresolved
- Priority: Unknown
- None
- Component/s: Authentication
- Needed
Summary
What is the problem or use case, what are we trying to achieve?
For GSSAPI, MONGODB-X509, MONGODB-AWS, and MONGODB-OIDC, the only valid authSource is $external. However, when reading the TXT record for Atlas deployments, the authSource is set to admin. This forces the connection string to specify the authSource for these mechanisms. For example, the connection string given by Atlas for AWS authentication includes authSource=%24external.
The DNS specification says "If available, a TXT record provides default connection string options".
We should explicitly override the authSource for these auth mechanisms, and optionally warn if a different value was given. We could choose to warn only if the authSource was set to something other than admin or $external.
See GODRIVER-3331 for an example of where this behavior would be desirable.
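A sketch of the resolution rule proposed above, added here as an example and not taken from any driver or from the specification. The function name `resolve_auth_source`, its return shape and the sample host name are assumptions; the TXT record's option string is passed in directly instead of being looked up in DNS.

```python
from urllib.parse import parse_qsl, urlsplit

# Mechanisms the ticket lists as valid only with authSource=$external.
EXTERNAL_ONLY = {"GSSAPI", "MONGODB-X509", "MONGODB-AWS", "MONGODB-OIDC"}


def _options(query):
    """Parse 'k=v&k=v' into a dict with lowercased keys and decoded values."""
    return {k.lower(): v for k, v in parse_qsl(query, keep_blank_values=True)}


def resolve_auth_source(uri, txt_record=""):
    """Return (authSource, warning or None) under the proposed rule.

    uri        -- the connection string as the user wrote it
    txt_record -- option string from the DNS TXT record (constructed input)
    """
    uri_opts = _options(urlsplit(uri).query)
    # Options in the connection string take precedence over TXT defaults.
    merged = {**_options(txt_record), **uri_opts}
    mechanism = merged.get("authmechanism", "")
    source = merged.get("authsource")

    if mechanism not in EXTERNAL_ONLY:
        # Other mechanisms keep whatever was configured (None = driver default).
        return source, None

    warning = None
    # Optional warning from the ticket: stay silent for admin or $external,
    # so the Atlas TXT default of admin does not produce noise.
    if source not in (None, "admin", "$external"):
        warning = f"authSource={source!r} ignored for {mechanism}; using $external"
    return "$external", warning


if __name__ == "__main__":
    # Constructed sample: Atlas-style TXT default, no authSource in the URI.
    uri = "mongodb+srv://cluster0.example.net/?authMechanism=MONGODB-AWS"
    print(resolve_auth_source(uri, "authSource=admin&replicaSet=rs0"))
```
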