Uploaded image for project: 'Node.js Driver'
  1. Node.js Driver
  2. NODE-3487

AuthMechanism "MONGODB-AWS" doesn't allow me to set an empty value

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.6.12, 4.1.2
    • Affects Version/s: 3.6.11, 4.1.1
    • Component/s: Lambda
    • Labels:
    • 2
    • Not Needed

      For some context, I'm currently using both services MongoDB and Vercel. Unfortunately, due to design Vercel is inject AWS Credentials, AWS_SESSION_TOKEN included.

      The MongoDb specifications state that:
      "The AWS_SESSION_TOKEN may or may not be set. However, if AWS_SESSION_TOKEN is set Drivers MUST use its value as the session token."
      "users MAY also provide an AWS_SESSION_TOKEN as a mechanism_property."

      The code that is causing me issues (mongodb@3.6.10):

      if (!this.mechanismProperties.AWS_SESSION_TOKEN && process.env.AWS_SESSION_TOKEN){  this.mechanismProperties.AWS_SESSION_TOKEN = process.env.AWS_SESSION_TOKEN;}

      A possible solution:

      if (this.mechanismProperties.AWS_SESSION_TOKEN === undefined && process.env.AWS_SESSION_TOKEN) {  this.mechanismProperties.AWS_SESSION_TOKEN = process.env.AWS_SESSION_TOKEN; }

      The problem with my solution is that I'm not sure if violates the specification. If we allow to set an empty value `""` as value then this body would be sent to AWS STS for the signature:

      {
  accessKeyId: 'xxx',
  secretAccessKey: 'xxx',
  token: ''
}

       

            Assignee:
            neal.beeken@mongodb.com Neal Beeken
            Reporter:
            henrique@vitt.sh Henrique Silva
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: