-
Type:
Task
-
Resolution: Fixed
-
Priority:
Unknown
-
Affects Version/s: None
-
Component/s: None
-
None
-
None
-
Python Drivers
-
Not Needed
-
-
None
-
None
-
None
-
None
-
None
-
None
Context
The cached authenticator is returned before checking the allowed hosts. In practice this is not an issue because the credentials are cached per adress. This is a correctness issue.
Definition of done
- validate MONGODB-OIDC allowed hosts before reusing a cached authenticator
- apply the same ordering fix to sync and async OIDC auth helpers
- add regression coverage for cached authenticator reuse with a disallowed host
Pitfalls
Ensure that we are not impacting caching logic.