Summary

The auth spec states:

Drivers MUST implement speculative authentication for MONGODB-OIDC during the hello handshake. Drivers MUST NOT attempt speculative authentication if the Client Cache does not have a cached access token.

Proposal: fetch a token if not cached.

Motivation

This would likely save round-trips on initial connections with using MONGODB-OIDC.

I expect the saved round trip would only impact the first few connections. After the first auth succeeds, later connections use the cached token. With maxConnecting rate limiting connection creation, I expect only (at most) the first maxConnecting connections would not have a cached token.

However, this may benefit environments where clients are short-lived or the cold start time matters.

The current spec may simplify implementation for some drivers (at least Go).

Motivated by this slack conversation.

Who is the affected end user?

Users of MONGODB-OIDC auth.

How does this affect the end user?

May speed-up handshake on first few connections.

How likely is it that this problem or use case will occur?

Certain?

If the problem does occur, what are the consequences and how severe are they?

Extra round-trip during handshake of initial.

Is this issue urgent?

No?

Is this ticket required by a downstream team?

This may make a significant difference in some downstream tools like Data Explorer, which particularly cares about first connect cost for UI responsiveness.

Is this ticket only for tests?

No.

Acceptance Criteria

• Allow drivers to fetch a token during speculative auth if a token is not cached.
• Remove or revise the test Handshake without cached token should not use speculative authentication