For some context, I'm currently using both services MongoDB and Vercel. Unfortunately, due to design Vercel is inject AWS Credentials, AWS_SESSION_TOKEN included.

The MongoDb specifications state that:
"The AWS_SESSION_TOKEN may or may not be set. However, if AWS_SESSION_TOKEN is set Drivers MUST use its value as the session token."
"users MAY also provide an AWS_SESSION_TOKEN as a mechanism_property."

The code that is causing me issues (mongodb@3.6.10):

if (!this.mechanismProperties.AWS_SESSION_TOKEN && process.env.AWS_SESSION_TOKEN){  this.mechanismProperties.AWS_SESSION_TOKEN = process.env.AWS_SESSION_TOKEN;}

A possible solution:

if (this.mechanismProperties.AWS_SESSION_TOKEN === undefined && process.env.AWS_SESSION_TOKEN) {  this.mechanismProperties.AWS_SESSION_TOKEN = process.env.AWS_SESSION_TOKEN; }

The problem with my solution is that I'm not sure if violates the specification. If we allow to set an empty value `""` as value then this body would be sent to AWS STS for the signature:

{
  accessKeyId: 'xxx',
  secretAccessKey: 'xxx',
  token: ''
}