DOCSP-38861 - OIDC #81
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jordan-smith721
approved these changes
Apr 23, 2024
source/security/authentication.txt
Outdated
| The MONGODB-OIDC authentication mechanism requires MongoDB v7.0 or later running | ||
| on a Linux platform. | ||
|
|
||
| {+driver-short+} supports OIDC authentication for *workload identities*. A workload |
There was a problem hiding this comment.
Suggested change
| {+driver-short+} supports OIDC authentication for *workload identities*. A workload | |
| {+driver-short+} supports OIDC authentication for **workload identities**. A workload |
source/security/authentication.txt
Outdated
| export AWS_WEB_IDENTITY_TOKEN_FILE=<absolute path to file containing OIDC token> | ||
|
|
||
| Then, define a class that inherits from the ``OIDCCallback`` class. This class must | ||
| implement one method, ``fetch()``, that returns the OIDC token in the form of an |
There was a problem hiding this comment.
This should also fix the Vale issue
Suggested change
| implement one method, ``fetch()``, that returns the OIDC token in the form of an | |
| implement a ``fetch()`` method, which returns the OIDC token in the form of an |
source/security/authentication.txt
Outdated
|
|
||
| You can set these options in two ways: by passing arguments to the | ||
| ``MongoClient`` constructor or through parameters in your connection string. | ||
| After you set the preceding environment variable, |
There was a problem hiding this comment.
I think this line was supposed to be deleted?
There was a problem hiding this comment.
good catch. there was so much copy/pasting for this ticket
Comment on lines
+4
to
+6
| properties = {"ENVIRONMENT": "azure", "TOKEN_RESOURCE": "<audience>"} | ||
| client = MongoClient( | ||
| "mongodb://<hostname>:<port>", |
There was a problem hiding this comment.
S: Space this out for readability since the example is focused on the client (applies to all code examples)
Suggested change
| properties = {"ENVIRONMENT": "azure", "TOKEN_RESOURCE": "<audience>"} | |
| client = MongoClient( | |
| "mongodb://<hostname>:<port>", | |
| properties = {"ENVIRONMENT": "azure", "TOKEN_RESOURCE": "<audience>"} | |
| client = MongoClient( | |
| "mongodb://<hostname>:<port>", |
There was a problem hiding this comment.
added highlighting
source/security/authentication.txt
Outdated
| python3 -m pip install azure-identity | ||
|
|
||
| Next, define a class that inherits from the ``OIDCCallback`` class. This class must | ||
| implement one method, ``fetch()``, that returns the OIDC token in the form of an |
There was a problem hiding this comment.
Suggested change
| implement one method, ``fetch()``, that returns the OIDC token in the form of an | |
| implement a ``fetch()`` method, which returns the OIDC token in the form of an |
source/security/authentication.txt
Outdated
| you can read the OIDC token from the standard service-account token-file location. | ||
|
|
||
| First, define a class that inherits from the ``OIDCCallback`` class. This class must | ||
| implement one method, ``fetch()``, that returns the OIDC token in the form of an |
There was a problem hiding this comment.
Suggested change
| implement one method, ``fetch()``, that returns the OIDC token in the form of an | |
| implement a ``fetch()`` method, which returns the OIDC token in the form of an |
mongoKart
commented
Apr 24, 2024
| properties = {"OIDC_CALLBACK": MyCallback()} | ||
| uri = ("mongodb://<hostname>:<port>/?" | ||
| "&authMechanism=MONGODB-OIDC" | ||
| "&authMechanismProperties=properties") |
There was a problem hiding this comment.
Can you pass properties in the connection string this way?
There was a problem hiding this comment.
No, you cannot pass the callback in the connection string
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request Info
PR Reviewing Guidelines
JIRA - https://jira.mongodb.org/browse/DOCSP-38861
Staging - https://preview-mongodbmongokart.gatsbyjs.io/pymongo/docsp-38861-oidc/security/authentication/
Self-Review Checklist