copydb with sasl begins with an admin command, "copydbsaslstart", followed by a call to "copydb" and a second call to "copydb". All commands are done on the target server's "admin" database.
The payload is the same as for "saslStart" with SCRAM-SHA-1. The server replies:
There is no copydbsaslcontinue. Instead, copydb gets alternate parameters:
The payload is the same as for saslContinue with SCRAM-SHA-1. The conversation continues like:
The database has now been copied.
The shell helper copyDatabase has a new "mechanism" parameter that can be "MONGODB-CR" or "SCRAM-SHA-1". If no mechanism is provided, the shell helper uses SCRAM-SHA-1 if the target server has maxWireVersion >= 3 and MONGODB-CR otherwise.