
kevinAlbs
Collaborator

Summary

Implement Machine Authentication Flow for OIDC auth. This enables using the MONGODB-OIDC auth mechanism with a user-supplied callback giving the access token. Integrating other identity providers is planned in future work: Azure (CDRIVER-4548) and GCP (CDRIVER-4611).

  • Add OIDC callback setters: mongoc_client_set_oidc_callback and mongoc_client_pool_set_oidc_callback.
  • Add binary operation to the BSON DSL to help construct the OIDC commands.

Tested with https://spruce.mongodb.com/version/68e90bef5727ed0007c8e376

Background & Motivation

mongoc_cluster_run_command_monitored checks for a ReauthenticationRequired error from the server and retries once. The same change is not made in mongoc_cluster_run_command_parts or mongoc_cluster_run_command_private (used for auth commands, and not expected to need retry).

mongoc_client(_pool)_set_oidc_callback returns a bool and logs on error for consistency with other recently added setters like mongoc_client(_pool)_set_structured_log_opts.

Testing

Evergreen tasks are added following Scripts for OIDC testing > Evergreen Testing.

Tests can be run locally by starting the OIDC-enabled server:

export AWS_PROFILE
$DRIVERS_TOOLS/.evergreen/auth_oidc/start_local_server.sh

Then running:

export MONGOC_TEST_USER="bob"
export MONGOC_TEST_PASSWORD="pwd123"
export MONGOC_TEST_OIDC="ON"
./cmake-build/src/libmongoc/test-libmongoc --no-fork -d \
    --match "/auth/unified/*" \
    --match "/oidc/*"

@kevinAlbs kevinAlbs force-pushed the conncache.evg-generated.rebased.C4489 branch from cc5f06a to c57816d Compare October 13, 2025 13:31
@kevinAlbs kevinAlbs marked this pull request as ready for review October 13, 2025 14:12
@kevinAlbs kevinAlbs requested a review from a team as a code owner October 13, 2025 14:12
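
The retry-once behaviour described under Background & Motivation, as an added sketch that is not code from this pull request or from libmongoc. Every type and function name (`demo_conn_t`, `demo_run_command`, `mock_server_run`, and so on) is hypothetical, the server is a constructed mock, and 391 is the server's error code for ReauthenticationRequired.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* All names here are hypothetical stand-ins, not libmongoc symbols. */
#define ERR_REAUTH_REQUIRED 391 /* server code for ReauthenticationRequired */

typedef const char *(*token_cb_t)(void);
typedef struct {
   token_cb_t cb;  /* user-supplied callback returning an access token */
   char token[64]; /* token the connection last authenticated with */
   int cb_calls, attempts;
} demo_conn_t;

/* Constructed mock server: accepts only the token "fresh". */
static int mock_server_run(demo_conn_t *c) {
   c->attempts++;
   return strcmp(c->token, "fresh") == 0 ? 0 : ERR_REAUTH_REQUIRED;
}

/* Ask the callback for a token and store it, rejecting oversized values. */
static bool demo_authenticate(demo_conn_t *c) {
   const char *t = c->cb();
   c->cb_calls++;
   if (!t || strlen(t) >= sizeof c->token) return false;
   strcpy(c->token, t);
   return true;
}

/* Run a command; on ReauthenticationRequired, reauthenticate and retry once. */
static int demo_run_command(demo_conn_t *c) {
   int err = mock_server_run(c);
   if (err != ERR_REAUTH_REQUIRED) return err;
   memset(c->token, 0, sizeof c->token); /* drop the rejected token */
   if (!demo_authenticate(c)) return err;
   return mock_server_run(c); /* no loop: a second 391 goes to the caller */
}

static const char *fresh_cb(void) { return "fresh"; }
static const char *stale_cb(void) { return "expired"; }

/* Start from an expired token, run one command, return the final state. */
static demo_conn_t demo_scenario(token_cb_t cb, int *err) {
   demo_conn_t c = {.cb = cb, .token = "expired"};
   *err = demo_run_command(&c);
   return c;
}

int main(void) {
   int ok, bad;
   demo_conn_t a = demo_scenario(fresh_cb, &ok), b = demo_scenario(stale_cb, &bad);
   printf("fresh: err=%d attempts=%d; stale: err=%d attempts=%d\n", ok, a.attempts, bad, b.attempts);
   return 0;
}
```

Because the retry is a single call rather than a loop, a callback that keeps returning a rejected token produces exactly two command attempts and one callback invocation before the error reaches the caller.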