Skip to content

Add CSOT to OIDC. #1741

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jun 24, 2025
Merged

Add CSOT to OIDC. #1741

merged 7 commits into from
Jun 24, 2025

Conversation

vbabanin
Copy link
Member

@vbabanin vbabanin commented Jun 17, 2025
edited
Loading

Note:

The correct ticket for this PR is JAVA-5337.

Ticket JAVA-5357 was incorrectly linked.

@vbabanin vbabanin self-assigned this Jun 17, 2025
@vbabanin vbabanin requested a review from rozza June 17, 2025 01:30
@vbabanin vbabanin marked this pull request as ready for review June 17, 2025 01:34
@vbabanin vbabanin requested a review from a team as a code owner June 17, 2025 01:34
@vbabanin vbabanin removed the request for review from a team June 17, 2025 01:34
rozza
rozza requested changes Jun 17, 2025
View reviewed changes
Copy link
Member

@rozza rozza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One question and one nit

driver-core/src/main/com/mongodb/internal/connection/OidcAuthenticator.java Outdated
if (timeoutContext.hasTimeoutMS()) {
return assertNotNull(timeoutContext.getTimeout()).call(TimeUnit.MILLISECONDS,
() -> {
Assertions.fail();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From the tests it looks like it should fall back to serverSelectionTimeoutMS - if theres an infinite timeout - so how does that logic work?

Also it might be best to put an assertion message incase a future regression means this code path is hit - potentially would make debugging it easier.

Copy link
Member Author

@vbabanin vbabanin Jun 22, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I initially assumed, based on the spec, that serverSelectionTimeoutMS couldn’t be infinite, so I added the assertion. However, our implementation allows infinite timeouts for serverSelectionTimeoutMS. Given this, i see two options:

  1. If both timeoutMs and serverSelectionTimeoutMS are infinite, throw an exception.
  2. The OIDC spec doesn’t specify behavior for infinite timeouts, but we could pass the maximum Duration value (using ChronoUnit.FOREVER.getDuration()) to the OIDC callback. While not technically infinite, it’s large enough to represent an infinite timeout, aligning with both the OIDC spec (as it is technically Long.MAX_VALUE and not infinite) and our current API for infinite serverSelectionTimeoutMS.

I think option 2 is preferable, so I’ve added it in this commit: cc5469d. Let me know your thoughts.

@vbabanin vbabanin requested a review from rozza June 22, 2025 23:47
rozza
rozza approved these changes Jun 24, 2025
View reviewed changes
Copy link
Member

@rozza rozza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@vbabanin vbabanin merged commit 68d5421 into mongodb:main Jun 24, 2025
51 of 54 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rozza rozza

Assignees

@vbabanin vbabanin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vbabanin @rozza