<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:44:39 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CSHARP-3196] Mongodb 4.4: Got MongoAuthenticationException : Server sent an invalid nonce.</title>
                <link>https://jira.mongodb.org/browse/CSHARP-3196</link>
                <project id="10041" key="CSHARP">C# Driver</project>
                    <description>&lt;p&gt;I&apos;m working in a Windows environment, using mongo server version 4.4 (tried with local windows version and linux version in docker).&lt;/p&gt;

&lt;p&gt;If you take the open source project &lt;a href=&quot;https://github.com/ProximoSrl/NStore&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/ProximoSrl/NStore&lt;/a&gt; and set the environment variable NSTORE_MONGODB to a valid connection value (mongodb://admin:mypassword@localhost/nstore?authSource=admin), you can verify that some of the tests fail with&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;MongoAuthenticationException : Server sent an invalid nonce.&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;The error is reproducible; it always happens.&lt;/p&gt;

&lt;p&gt;No error with 4.0 mongodb server.&lt;/p&gt;</description>
                <environment></environment>
        <key id="1450088">CSHARP-3196</key>
            <summary>Mongodb 4.4: Got MongoAuthenticationException : Server sent an invalid nonce.</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="2" iconUrl="https://jira.mongodb.org/images/icons/priorities/critical.svg">Critical - P2</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="dmitry.lukyanov@mongodb.com">Dmitry Lukyanov</assignee>
                                    <reporter username="alkampfer@nablasoft.com">Gian Maria Ricci</reporter>
                        <labels>
                    </labels>
                <created>Mon, 24 Aug 2020 08:50:28 +0000</created>
                <updated>Sat, 28 Oct 2023 11:48:12 +0000</updated>
                            <resolved>Thu, 10 Sep 2020 14:38:41 +0000</resolved>
                                    <version>2.11.0</version>
                                    <fixVersion>2.11.2</fixVersion>
                                    <component>Connectivity</component>
                                        <votes>1</votes>
                                    <watches>5</watches>
                                                                                                                <comments>
                            <comment id="3385776" author="xgen-internal-githook" created="Thu, 10 Sep 2020 17:16:02 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;DmitryLukyanov&apos;, &apos;email&apos;: &apos;dmitry.lukyanov@mongodb.com&apos;, &apos;username&apos;: &apos;DmitryLukyanov&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CSHARP-3196&quot; title=&quot;Mongodb 4.4: Got MongoAuthenticationException : Server sent an invalid nonce.&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CSHARP-3196&quot;&gt;&lt;del&gt;CSHARP-3196&lt;/del&gt;&lt;/a&gt;: Mongodb 4.4: Got MongoAuthenticationException : Server sent an invalid nonce.&lt;br/&gt;
Branch: v2.11.x&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-csharp-driver/commit/5e0d8bc82d1d8d9de9aabca057ef4f912dfd71ae&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-csharp-driver/commit/5e0d8bc82d1d8d9de9aabca057ef4f912dfd71ae&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3385231" author="xgen-internal-githook" created="Thu, 10 Sep 2020 14:16:45 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;DmitryLukyanov&apos;, &apos;email&apos;: &apos;dmitry.lukyanov@mongodb.com&apos;, &apos;username&apos;: &apos;DmitryLukyanov&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CSHARP-3196&quot; title=&quot;Mongodb 4.4: Got MongoAuthenticationException : Server sent an invalid nonce.&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CSHARP-3196&quot;&gt;&lt;del&gt;CSHARP-3196&lt;/del&gt;&lt;/a&gt;: Mongodb 4.4: Got MongoAuthenticationException : Server sent an invalid nonce.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-csharp-driver/commit/8fafe00b5cfedf3690808c805e380d3043e02255&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-csharp-driver/commit/8fafe00b5cfedf3690808c805e380d3043e02255&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3375114" author="JIRAUSER1256565" created="Thu, 3 Sep 2020 16:52:22 +0000"  >&lt;p&gt;I stuck a fix in:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/mongodb/mongo-csharp-driver/pull/410&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-csharp-driver/pull/410&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;I&apos;m not sure I like it much but it might be useful.&lt;/p&gt;</comment>
                            <comment id="3374980" author="JIRAUSER1256565" created="Thu, 3 Sep 2020 16:00:37 +0000"  >&lt;p&gt;The issue is essentially occurring because DefaultAuthenticator._speculativeAuthenticator is shared across the concurrently connecting connections, and that holds the state that contains the nonce.&#160; The flow goes something like:&lt;/p&gt;


&lt;p&gt;ConnectionInitializer.InitializeConnectionAsync -&amp;gt;&lt;br/&gt;
ConnectionInitializer.CreateInitialIsMasterCommand -&amp;gt;&lt;br/&gt;
IsMasterHelper.CustomizeCommand -&amp;gt;&lt;br/&gt;
DefaultAuthenticator.CustomizeInitialIsMasterCommand -&amp;gt;&lt;/p&gt;

&lt;p&gt;This sets DefaultAuthenticator._speculativeAuthenticator to a new ScramSha256Authenticator, and then calls ScramShaAuthenticator.CustomizeInitialIsMasterCommand which calls ScramShaAuthenticator.Initialize which generates and saves a nonce:&lt;br/&gt;
&#160;&#160;&#160; _speculativeAuthenticator = new ScramSha256Authenticator(_credential, _randomStringGenerator);&lt;/p&gt;

&lt;p&gt;&#160;&#160;&#160; _speculativeAuthenticator.CustomizeInitialIsMasterCommand(isMasterCommand)&lt;/p&gt;

&lt;p&gt;Note that DefaultAuthenticator is shared across all the connections.&#160; When there are two concurrently connecting connections then the value of _speculativeAuthenticator depends on which connection last set it.&lt;/p&gt;

&lt;p&gt;Back in InitializeConnectionAsync, the IsMaster command is then executed:&lt;br/&gt;
&#160;&#160; var isMasterCommand = CreateInitialIsMasterCommand(connection.Settings.Authenticators);&lt;br/&gt;
&#160;&#160; var isMasterProtocol = IsMasterHelper.CreateProtocol(isMasterCommand);&lt;br/&gt;
&#160;&#160; var isMasterResult = IsMasterHelper.GetResult(connection, isMasterProtocol, cancellationToken);&lt;/p&gt;

&lt;p&gt;The isMaster command contains the nonce generated for that connection, and its response carries the matching nonce.&#160; InitializeConnectionAsync then proceeds with:&lt;br/&gt;
AuthenticationHelper.Authenticate(connection, description, cancellationToken);&lt;/p&gt;

&lt;p&gt;which calls into&lt;br/&gt;
DefaultAuthenticator.AuthenticateAsync&lt;/p&gt;

&lt;p&gt;which calls&lt;br/&gt;
DefaultAuthenticator.GetOrCreateAuthenticator &#8211; this uses the cached _speculativeAuthenticator (last value).&#160; One of these connections now must have the wrong _speculativeAuthenticator.&#160; Both call into SaslAuthenticator.AuthenticateAsync to process the IsMaster command result.&#160; These then call Transition with _speculativeFirstStep, _speculativeFirstStep.Transition which ends up in ClientFirst.Transition where finally the mismatch is noted and the error gets thrown.&lt;/p&gt;

&lt;p&gt;I&apos;m not entirely clear what the correct fix is.&lt;/p&gt;</comment>
                            <comment id="3374208" author="jeff.yemin" created="Thu, 3 Sep 2020 13:59:17 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=alkampfer&quot; class=&quot;user-hover&quot; rel=&quot;alkampfer&quot;&gt;alkampfer&lt;/a&gt; thank you for bringing this to our attention.  We are actively investigating it now.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=mark.weaver%40trelica.com&quot; class=&quot;user-hover&quot; rel=&quot;mark.weaver@trelica.com&quot;&gt;mark.weaver@trelica.com&lt;/a&gt; thanks also for adding your repro into the mix.&lt;/p&gt;</comment>
                            <comment id="3374108" author="JIRAUSER1256565" created="Thu, 3 Sep 2020 13:17:58 +0000"  >&lt;p&gt;I can trivially reproduce this error using the test code at:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://stackoverflow.com/questions/63223544/server-sent-an-invalid-nonce-when-making-multiple-rapid-connections-from-c-sharp&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://stackoverflow.com/questions/63223544/server-sent-an-invalid-nonce-when-making-multiple-rapid-connections-from-c-sharp&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;All on Windows 10 using mongo 4.4 community edition and the 2.11.1 c# driver.&lt;/p&gt;

&lt;p&gt;I have tried debugging the c# driver and it appears what is happening is that when two connections are opened simultaneously two separate nonces are generated (with two different ScramShaAuthenticator classes) and then subsequently ScramShaAuthenticator.Transition is called with the wrong response, e.g. I captured:&lt;/p&gt;

&lt;p&gt;ScramShaAuthenticator#1.rPrefix &quot;MKS.RaW7GM5z.pJ-{s:Y&quot; string&lt;br/&gt;
 ScramShaAuthenticator#2.rPrefix &quot;\&quot;Zw/5(R.)*HK@8pcg^g&quot; string&lt;/p&gt;

&lt;p&gt;ScramShaAuthenticator#2.Transition map&lt;span class=&quot;error&quot;&gt;&amp;#91;&amp;quot;r&amp;quot;&amp;#93;&lt;/span&gt; = &quot;MKS.RaW7GM5z.pJ-{s:Y9Rcih99HWu94edIYZpq157r7VX7TgCDR&quot; string&lt;/p&gt;

&lt;p&gt;so the prefixes don&apos;t match and&lt;/p&gt;

&lt;p&gt;var r = map&lt;span class=&quot;error&quot;&gt;&amp;#91;&amp;#39;r&amp;#39;&amp;#93;&lt;/span&gt;;&lt;br/&gt;
 if (!r.StartsWith(_rPrefix, StringComparison.Ordinal))&lt;/p&gt;

{

&#160;&#160;&#160;&#160; throw new MongoAuthenticationException(conversation.ConnectionId, message: &quot;Server sent an invalid nonce.&quot;);

}

&lt;p&gt;throws.&lt;/p&gt;

&lt;p&gt;Also, looking with tcpdump, I see that the server reply includes the nonce that the client is sending, so the issue appears to be with the client rather than the server.&lt;/p&gt;

&lt;p&gt;I&apos;m not sure where the mixing up is happening &#8211; some pointers would be helpful.&lt;/p&gt;

&lt;p&gt;(I also pasted this comment in &lt;a href=&quot;https://jira.mongodb.org/browse/CSHARP-2358&quot; title=&quot;Sporadic exception opening connections: MongoDB.Driver.MongoAuthenticationException: Server sent an invalid nonce.&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CSHARP-2358&quot;&gt;&lt;del&gt;CSHARP-2358&lt;/del&gt;&lt;/a&gt; which has other reports of the same problem but that&apos;s closed so I&apos;m adding it to an active one as well, sorry if that&apos;s annoying)&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="1480223">CSHARP-3211</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="589769">CSHARP-2358</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hxocbz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>