fix(NODE-5035): change per suggestions

src/cmap/auth/mongodb_oidc.ts

@@ -78,14 +78,14 @@ export class MongoDBOIDC extends AuthProvider {
       if (error || !workflow) {
         return callback(error);
       }
-      workflow
-        .execute(connection, credentials)
-        .then(result => {
+      workflow.execute(connection, credentials).then(
+        result => {
           return callback(undefined, result);
-        })
-        .catch(error => {
+        },
+        error => {
           callback(error);
-        });
+        }
+      );
     });
   }
 
@@ -107,14 +107,14 @@ export class MongoDBOIDC extends AuthProvider {
       if (error || !workflow) {
         return callback(error);
       }
-      workflow
-        .speculativeAuth()
-        .then(result => {
+      workflow.speculativeAuth().then(
+        result => {
           return callback(undefined, { ...handshakeDoc, ...result });
-        })
-        .catch(error => {
+        },
+        error => {
           callback(error);
-        });
+        }
+      );
     });
   }
 }

src/cmap/auth/mongodb_oidc/callback_workflow.ts

@@ -1,5 +1,4 @@
 import { type Document, Binary, BSON } from 'bson';
-import { promisify } from 'util';
 
 import { MongoInvalidArgumentError } from '../../../error';
 import { ns } from '../../../utils';
@@ -11,7 +10,7 @@ import { TokenEntryCache } from './token_entry_cache';
 import type { Workflow } from './workflow';
 
 /* 5 minutes in milliseconds */
-const TIMEOUT = 300000;
+const TIMEOUT_MS = 300000;
 
 /**
  * OIDC implementation of a callback based workflow.
@@ -72,7 +71,7 @@ export class CallbackWorkflow implements Workflow {
           // If authentication errors when using a cached token we remove it from
           // the cache.
           this.cache.deleteEntry(connection.address, credentials.username || '');
-          return Promise.reject(error);
+          throw error;
         }
       } else {
         // Remove the expired entry from the cache.
@@ -87,8 +86,7 @@ export class CallbackWorkflow implements Workflow {
       }
     } else {
       // No entry means to start with the step one saslStart.
-      const executeCommand = promisify(connection.command.bind(connection));
-      const result = await executeCommand(
+      const result = await connection.commandAsync(
         ns(credentials.source),
         startCommandDocument(credentials),
         undefined
@@ -117,7 +115,7 @@ export class CallbackWorkflow implements Workflow {
         credentials.username,
         stepOneResult,
         tokenResult,
-        TIMEOUT
+        TIMEOUT_MS
       );
       // Cache a new entry and continue with the saslContinue.
       this.cache.addEntry(connection.address, credentials.username || '', result, stepOneResult);
@@ -142,7 +140,7 @@ export class CallbackWorkflow implements Workflow {
     // Always clear expired entries from the cache on each finish as cleanup.
     this.cache.deleteExpiredEntries();
     if (request) {
-      const tokenResult = await request(credentials.username, stepOneResult, TIMEOUT);
+      const tokenResult = await request(credentials.username, stepOneResult, TIMEOUT_MS);
       // Cache a new entry and continue with the saslContinue.
       this.cache.addEntry(
         connection.address,
@@ -171,8 +169,7 @@ async function finishAuth(
   credentials: MongoCredentials
 ): Promise<Document> {
   // Execute the step two saslContinue.
-  const executeCommand = promisify(connection.command.bind(connection));
-  return executeCommand(
+  return connection.commandAsync(
     ns(credentials.source),
     continueCommandDocument(result.accessToken, conversationId),
     undefined
@@ -206,6 +203,10 @@ function continueCommandDocument(token: string, conversationId?: number): Docume
       payload: new Binary(BSON.serialize({ jwt: token }))
     };
   }
+  // saslContinue requires a conversationId in the command to be valid so in this
+  // case the server allows "step two" to actually be a saslStart with the token
+  // as the jwt since the use of the cached value has no correlating conversating
+  // on the particular connection.
   return {
     saslStart: 1,
     mechanism: AuthMechanism.MONGODB_OIDC,

src/cmap/auth/mongodb_oidc/token_entry_cache.ts

@@ -87,11 +87,11 @@ export class TokenEntryCache {
    * Delete all expired entries from the cache.
    */
   deleteExpiredEntries(): void {
-    this.entries.forEach((entry, key, entries) => {
+    for (const [key, entry] of this.entries) {
       if (!entry.isValid()) {
-        entries.delete(key);
+        this.entries.delete(key);
       }
-    });
+    }
   }
 }
 

src/cmap/connection.ts

@@ -1,4 +1,5 @@
 import { clearTimeout, setTimeout } from 'timers';
+import { promisify } from 'util';
 
 import type { BSONSerializeOptions, Document, ObjectId } from '../bson';
 import {
@@ -159,6 +160,11 @@ export class Connection extends TypedEventEmitter<ConnectionEvents> {
   lastHelloMS?: number;
   serverApi?: ServerApi;
   helloOk?: boolean;
+  commandAsync: (
+    ns: MongoDBNamespace,
+    cmd: Document,
+    options: CommandOptions | undefined
+  ) => Promise<Document>;
 
   /**@internal */
   [kDelayedTimeoutId]: NodeJS.Timeout | null;
@@ -198,6 +204,16 @@ export class Connection extends TypedEventEmitter<ConnectionEvents> {
 
   constructor(stream: Stream, options: ConnectionOptions) {
     super();
+
+    this.commandAsync = promisify(
+      (
+        ns: MongoDBNamespace,
+        cmd: Document,
+        options: CommandOptions | undefined,
+        callback: Callback
+      ) => this.command(ns, cmd, options, callback as any)
+    );
+
     this.id = options.id;
     this.address = streamIdentifier(stream, options);
     this.socketTimeoutMS = options.socketTimeoutMS ?? 0;