mongodb 6.6.2 → 6.7.0-dev.20240607.sha.aa429f8c

package/lib/cmap/auth/mongodb_oidc/callback_workflow.js.map

@@ -1 +1 @@
-{"version":3,"file":"callback_workflow.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/callback_workflow.ts"],"names":[],"mappings":";;;AAAA,+BAAmD;AAEnD,0CAA+F;AAC/F,0CAAoC;AAWpC,4CAA6C;AAC7C,+DAA0D;AAC1D,2DAAsD;AAEtD,kDAAkD;AAClD,MAAM,YAAY,GAAG,CAAC,CAAC;AAEvB,2BAA2B;AAC3B,MAAM,SAAS,GAAG,GAAG,CAAC;AAEtB,kDAAkD;AAClD,MAAM,iBAAiB,GAAG,CAAC,aAAa,EAAE,kBAAkB,EAAE,cAAc,CAAC,CAAC;AAE9E,yDAAyD;AACzD,MAAM,qBAAqB,GACzB,8EAA8E,CAAC;AAEjF;;;GAGG;AACH,MAAa,gBAAgB;IAI3B;;OAEG;IACH;QACE,IAAI,CAAC,KAAK,GAAG,IAAI,mCAAe,EAAE,CAAC;QACnC,IAAI,CAAC,aAAa,GAAG,IAAI,uCAAiB,EAAE,CAAC;IAC/C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,eAAe,CAAC,WAA6B;QACjD,MAAM,QAAQ,GAAG,oBAAoB,CAAC,WAAW,CAAC,CAAC;QACnD,QAAQ,CAAC,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC;QACjC,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CACX,UAAsB,EACtB,WAA6B,EAC7B,gBAAyB,EACzB,QAAmB;QAEnB,6DAA6D;QAC7D,MAAM,EAAE,eAAe,EAAE,eAAe,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CACpF,UAAU,EACV,WAAW,CACZ,CAAC;QACF,2CAA2C;QAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,EAAE,WAAW,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAC1F,IAAI,MAAM,CAAC;QACX,IAAI,KAAK,EAAE;YACT,0EAA0E;YAC1E,4DAA4D;YAC5D,IAAI,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE;gBACxC,2EAA2E;gBAC3E,MAAM,GAAG,MAAM,IAAI,CAAC,oBAAoB,CACtC,UAAU,EACV,WAAW,EACX,KAAK,CAAC,WAAW,EACjB,QAAQ,EAAE,uBAAuB,EAAE,cAAc,CAClD,CAAC;aACH;iBAAM;gBACL,uEAAuE;gBACvE,+BAA+B;gBAC/B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAC7C,UAAU,EACV,WAAW,EACX,KAAK,CAAC,UAAU,EAChB,gBAAgB,EAChB,YAAY,EACZ,eAAe,EACf,eAAe,CAChB,CAAC;gBACF,IAAI;oBACF,MAAM,GAAG,MAAM,IAAI,CAAC,oBAAoB,CACtC,UAAU,EACV,WAAW,EACX,WAAW,EACX,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,uBAAuB,EAAE,cAAc,CACjF,CAAC;iBACH;gBAAC,OAAO,KAAK,EAAE;oBACd,mEAAmE;oBACnE,kEAAkE;oBAClE,mBAAmB;oBACnB,IACE,gBAAgB;wBAChB,KAAK,YAAY,kBAAU;wBAC3B,KAAK,CAAC,IAAI,KAAK,2BAAmB,CAAC,cAAc,EACjD;wBACA,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,EAAE,WAAW,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;wBAC/E,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,WAAW,EAAE,gBAAgB,CAAC,CAAC;qBACxE;yBAAM;wBACL,MAAM,KAAK,CAAC;qBACb;iBACF;aACF;SACF;aAAM;YACL,mEAAmE;YACnE,uEAAuE;YACvE,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAClD,UAAU,EACV,WAAW,EACX,gBAAgB,EAChB,QAAQ,CACT,CAAC;YACF,MAAM,cAAc,GAAG,aAAa,CAAC,cAAc,CAAC;YACpD,MAAM,YAAY,GAAG,WAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM,CAAkB,CAAC;YACrF,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAC7C,UAAU,EACV,WAAW,EACX,YAAY,EACZ,gBAAgB,EAChB,YAAY,EACZ,eAAe,EACf,eAAe,CAChB,CAAC;YACF,MAAM,GAAG,MAAM,IAAI,CAAC,oBAAoB,CACtC,UAAU,EACV,WAAW,EACX,WAAW,EACX,cAAc,CACf,CAAC;SACH;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,mBAAmB,CAC/B,UAAsB,EACtB,WAA6B,EAC7B,gBAAyB,EACzB,QAAmB;QAEnB,IAAI,MAAM,CAAC;QACX,IAAI,CAAC,gBAAgB,IAAI,QAAQ,EAAE,uBAAuB,EAAE;YAC1D,MAAM,GAAG,QAAQ,CAAC,uBAAuB,CAAC;SAC3C;aAAM;YACL,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAC/B,IAAA,UAAE,EAAC,WAAW,CAAC,MAAM,CAAC,EACtB,oBAAoB,CAAC,WAAW,CAAC,EACjC,SAAS,CACV,CAAC;SACH;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,oBAAoB,CAChC,UAAsB,EACtB,WAA6B,EAC7B,WAA8B,EAC9B,cAAuB;QAEvB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CACrC,IAAA,UAAE,EAAC,WAAW,CAAC,MAAM,CAAC,EACtB,qBAAqB,CAAC,WAAW,CAAC,WAAW,EAAE,cAAc,CAAC,EAC9D,SAAS,CACV,CAAC;QACF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,gBAAgB,CAC5B,UAAsB,EACtB,WAA6B,EAC7B,UAAyB,EACzB,gBAAyB,EACzB,YAAoB,EACpB,eAAoC,EACpC,eAAqC;QAErC,gCAAgC;QAChC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,EAAE,WAAW,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAC1F,IAAI,MAAM,CAAC;QACX,MAAM,OAAO,GAAwB,EAAE,cAAc,EAAE,SAAS,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC;QAC1F,yCAAyC;QACzC,IAAI,KAAK,EAAE;YACT,wDAAwD;YACxD,IAAI,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE;gBACxC,OAAO,KAAK,CAAC,WAAW,CAAC;aAC1B;YACD,8EAA8E;YAC9E,yEAAyE;YACzE,iDAAiD;YACjD,IAAI,eAAe,EAAE;gBACnB,OAAO,CAAC,YAAY,GAAG,KAAK,CAAC,WAAW,CAAC,YAAY,CAAC;gBACtD,MAAM,GAAG,MAAM,eAAe,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;aACrD;iBAAM;gBACL,MAAM,GAAG,MAAM,eAAe,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;aACrD;SACF;aAAM;YACL,0DAA0D;YAC1D,MAAM,GAAG,MAAM,eAAe,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;SACrD;QACD,gFAAgF;QAChF,iDAAiD;QACjD,IAAI,uBAAuB,CAAC,MAAM,CAAC,EAAE;YACnC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,EAAE,WAAW,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YAC/E,MAAM,IAAI,oCAA4B,CAAC,qBAAqB,CAAC,CAAC;SAC/D;QACD,qBAAqB;QACrB,IAAI,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAC;QAClC,oCAAoC;QACpC,IAAI,CAAC,KAAK,CAAC,QAAQ,CACjB,UAAU,CAAC,OAAO,EAClB,WAAW,CAAC,QAAQ,IAAI,EAAE,EAC1B,YAAY,EACZ,MAAM,EACN,UAAU,CACX,CAAC;QACF,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAlND,4CAkNC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,KAAa,EAAE,cAAuB;IACnE,IAAI,cAAc,IAAI,IAAI,IAAI,OAAO,cAAc,KAAK,QAAQ,EAAE;QAChE,OAAO;YACL,YAAY,EAAE,CAAC;YACf,cAAc,EAAE,cAAc;YAC9B,OAAO,EAAE,IAAI,aAAM,CAAC,WAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;SACpD,CAAC;KACH;IACD,+EAA+E;IAC/E,8EAA8E;IAC9E,+EAA+E;IAC/E,gCAAgC;IAChC,OAAO;QACL,SAAS,EAAE,CAAC;QACZ,SAAS,EAAE,yBAAa,CAAC,YAAY;QACrC,OAAO,EAAE,IAAI,aAAM,CAAC,WAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;KACpD,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,uBAAuB,CAAC,WAAoB;IACnD,IAAI,WAAW,IAAI,IAAI,IAAI,OAAO,WAAW,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACxE,IAAI,CAAC,CAAC,aAAa,IAAI,WAAW,CAAC;QAAE,OAAO,IAAI,CAAC;IACjD,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;AAClG,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,WAA6B;IACzD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,WAAW,CAAC,QAAQ,EAAE;QACxB,OAAO,CAAC,CAAC,GAAG,WAAW,CAAC,QAAQ,CAAC;KAClC;IACD,OAAO;QACL,SAAS,EAAE,CAAC;QACZ,aAAa,EAAE,CAAC;QAChB,SAAS,EAAE,yBAAa,CAAC,YAAY;QACrC,OAAO,EAAE,IAAI,aAAM,CAAC,WAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;KAC7C,CAAC;AACJ,CAAC"}
+{"version":3,"file":"callback_workflow.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/callback_workflow.ts"],"names":[],"mappings":";;;AACA,8CAA6C;AAE7C,0CAA8D;AAC9D,0CAAoC;AASpC,yDAAiF;AAGjF,gCAAgC;AACnB,QAAA,gBAAgB,GAAG,MAAM,CAAC;AACvC,+BAA+B;AAClB,QAAA,oBAAoB,GAAG,KAAK,CAAC;AAE1C,kDAAkD;AAClD,MAAM,iBAAiB,GAAG,CAAC,aAAa,EAAE,kBAAkB,EAAE,cAAc,CAAC,CAAC;AAE9E,yDAAyD;AACzD,MAAM,qBAAqB,GACzB,8EAA8E,CAAC;AAEjF,2CAA2C;AAC3C,MAAM,WAAW,GAAG,GAAG,CAAC;AAExB;;;GAGG;AACH,MAAsB,gBAAgB;IAKpC;;OAEG;IACH,YAAY,KAAiB,EAAE,QAA8B;QAC3D,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;IACpD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,eAAe,CAAC,UAAsB,EAAE,WAA6B;QACzE,iDAAiD;QACjD,uFAAuF;QACvF,+EAA+E;QAC/E,IAAI,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE;YAC7B,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;YAChD,UAAU,CAAC,WAAW,GAAG,WAAW,CAAC;YACrC,MAAM,QAAQ,GAAG,IAAA,wCAAqB,EAAC,WAAW,CAAC,CAAC;YACpD,QAAQ,CAAC,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC;YACjC,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,CAAC;SAC9C;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,cAAc,CAAC,UAAsB,EAAE,WAA6B;QACxE,IAAI,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE;YAC7B,kDAAkD;YAClD,IAAI,UAAU,CAAC,WAAW,KAAK,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE;gBAC1D,kEAAkE;gBAClE,2CAA2C;gBAC3C,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE,CAAC;gBAC/B,OAAO,UAAU,CAAC,WAAW,CAAC;aAC/B;iBAAM;gBACL,sEAAsE;gBACtE,iEAAiE;gBACjE,SAAS;gBACT,UAAU,CAAC,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;aACtD;SACF;QACD,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAC9C,CAAC;IAWD;;;;OAIG;IACO,KAAK,CAAC,mBAAmB,CACjC,UAAsB,EACtB,WAA6B,EAC7B,QAAmB;QAEnB,IAAI,MAAM,CAAC;QACX,IAAI,QAAQ,EAAE,uBAAuB,EAAE;YACrC,MAAM,GAAG,QAAQ,CAAC,uBAAuB,CAAC;SAC3C;aAAM;YACL,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAC/B,IAAA,UAAE,EAAC,WAAW,CAAC,MAAM,CAAC,EACtB,IAAA,uCAAoB,EAAC,WAAW,CAAC,EACjC,SAAS,CACV,CAAC;SACH;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,oBAAoB,CAClC,UAAsB,EACtB,WAA6B,EAC7B,KAAa,EACb,cAAuB;QAEvB,MAAM,UAAU,CAAC,OAAO,CACtB,IAAA,UAAE,EAAC,WAAW,CAAC,MAAM,CAAC,EACtB,IAAA,wCAAqB,EAAC,KAAK,EAAE,cAAc,CAAC,EAC5C,SAAS,CACV,CAAC;IACJ,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,0BAA0B,CAAC,MAA0B;QACnE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC3C,gFAAgF;QAChF,iDAAiD;QACjD,IAAI,uBAAuB,CAAC,MAAM,CAAC,EAAE;YACnC,MAAM,IAAI,oCAA4B,CAAC,qBAAqB,CAAC,CAAC;SAC/D;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;OAGG;IACO,QAAQ,CAAC,QAA8B;QAC/C,IAAI,IAAI,GAAiB,OAAO,CAAC,OAAO,EAAE,CAAC;QAC3C,OAAO,KAAK,EAAE,MAA0B,EAAyB,EAAE;YACjE,oEAAoE;YACpE,uEAAuE;YACvE,MAAM,IAAI,CAAC;YACX,IAAI,GAAG,IAAI;gBACT,0CAA0C;iBACzC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;gBAClB,0CAA0C;iBACzC,IAAI,CAAC,KAAK,IAAI,EAAE;gBACf,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC;gBACvD,IAAI,UAAU,IAAI,WAAW,EAAE;oBAC7B,MAAM,IAAA,qBAAU,EAAC,WAAW,GAAG,UAAU,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;iBAC/E;gBACD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACpC,OAAO,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;YAChC,CAAC,CAAC,CAAC;YACL,OAAO,MAAM,IAAI,CAAC;QACpB,CAAC,CAAC;IACJ,CAAC;CACF;AA7ID,4CA6IC;AAED;;;;GAIG;AACH,SAAS,uBAAuB,CAAC,WAAoB;IACnD,IAAI,WAAW,IAAI,IAAI,IAAI,OAAO,WAAW,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACxE,IAAI,CAAC,CAAC,aAAa,IAAI,WAAW,CAAC;QAAE,OAAO,IAAI,CAAC;IACjD,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;AAClG,CAAC"}

package/lib/cmap/auth/mongodb_oidc/command_builders.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startCommandDocument = exports.finishCommandDocument = void 0;
+const bson_1 = require("bson");
+const providers_1 = require("../providers");
+/**
+ * Generate the finishing command document for authentication. Will be a
+ * saslStart or saslContinue depending on the presence of a conversation id.
+ */
+function finishCommandDocument(token, conversationId) {
+    if (conversationId != null) {
+        return {
+            saslContinue: 1,
+            conversationId: conversationId,
+            payload: new bson_1.Binary(bson_1.BSON.serialize({ jwt: token }))
+        };
+    }
+    // saslContinue requires a conversationId in the command to be valid so in this
+    // case the server allows "step two" to actually be a saslStart with the token
+    // as the jwt since the use of the cached value has no correlating conversating
+    // on the particular connection.
+    return {
+        saslStart: 1,
+        mechanism: providers_1.AuthMechanism.MONGODB_OIDC,
+        payload: new bson_1.Binary(bson_1.BSON.serialize({ jwt: token }))
+    };
+}
+exports.finishCommandDocument = finishCommandDocument;
+/**
+ * Generate the saslStart command document.
+ */
+function startCommandDocument(credentials) {
+    const payload = {};
+    if (credentials.username) {
+        payload.n = credentials.username;
+    }
+    return {
+        saslStart: 1,
+        autoAuthorize: 1,
+        mechanism: providers_1.AuthMechanism.MONGODB_OIDC,
+        payload: new bson_1.Binary(bson_1.BSON.serialize(payload))
+    };
+}
+exports.startCommandDocument = startCommandDocument;
+//# sourceMappingURL=command_builders.js.map

package/lib/cmap/auth/mongodb_oidc/command_builders.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"command_builders.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/command_builders.ts"],"names":[],"mappings":";;;AAAA,+BAAmD;AAGnD,4CAA6C;AAa7C;;;GAGG;AACH,SAAgB,qBAAqB,CAAC,KAAa,EAAE,cAAuB;IAC1E,IAAI,cAAc,IAAI,IAAI,EAAE;QAC1B,OAAO;YACL,YAAY,EAAE,CAAC;YACf,cAAc,EAAE,cAAc;YAC9B,OAAO,EAAE,IAAI,aAAM,CAAC,WAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;SACpD,CAAC;KACH;IACD,+EAA+E;IAC/E,8EAA8E;IAC9E,+EAA+E;IAC/E,gCAAgC;IAChC,OAAO;QACL,SAAS,EAAE,CAAC;QACZ,SAAS,EAAE,yBAAa,CAAC,YAAY;QACrC,OAAO,EAAE,IAAI,aAAM,CAAC,WAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;KACpD,CAAC;AACJ,CAAC;AAjBD,sDAiBC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAAC,WAA6B;IAChE,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,WAAW,CAAC,QAAQ,EAAE;QACxB,OAAO,CAAC,CAAC,GAAG,WAAW,CAAC,QAAQ,CAAC;KAClC;IACD,OAAO;QACL,SAAS,EAAE,CAAC;QACZ,aAAa,EAAE,CAAC;QAChB,SAAS,EAAE,yBAAa,CAAC,YAAY;QACrC,OAAO,EAAE,IAAI,aAAM,CAAC,WAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;KAC7C,CAAC;AACJ,CAAC;AAXD,oDAWC"}

package/lib/cmap/auth/mongodb_oidc/gcp_machine_workflow.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GCPMachineWorkflow = void 0;
+const error_1 = require("../../../error");
+const utils_1 = require("../../../utils");
+const machine_workflow_1 = require("./machine_workflow");
+/** GCP base URL. */
+const GCP_BASE_URL = 'http://metadata/computeMetadata/v1/instance/service-accounts/default/identity';
+/** GCP request headers. */
+const GCP_HEADERS = Object.freeze({ 'Metadata-Flavor': 'Google' });
+/** Error for when the token audience is missing in the environment. */
+const TOKEN_RESOURCE_MISSING_ERROR = 'TOKEN_RESOURCE must be set in the auth mechanism properties when ENVIRONMENT is gcp.';
+class GCPMachineWorkflow extends machine_workflow_1.MachineWorkflow {
+    /**
+     * Instantiate the machine workflow.
+     */
+    constructor(cache) {
+        super(cache);
+    }
+    /**
+     * Get the token from the environment.
+     */
+    async getToken(credentials) {
+        const tokenAudience = credentials?.mechanismProperties.TOKEN_RESOURCE;
+        if (!tokenAudience) {
+            throw new error_1.MongoGCPError(TOKEN_RESOURCE_MISSING_ERROR);
+        }
+        return await getGcpTokenData(tokenAudience);
+    }
+}
+exports.GCPMachineWorkflow = GCPMachineWorkflow;
+/**
+ * Hit the GCP endpoint to get the token data.
+ */
+async function getGcpTokenData(tokenAudience) {
+    const url = new URL(GCP_BASE_URL);
+    url.searchParams.append('audience', tokenAudience);
+    const response = await (0, utils_1.get)(url, {
+        headers: GCP_HEADERS
+    });
+    if (response.status !== 200) {
+        throw new error_1.MongoGCPError(`Status code ${response.status} returned from the GCP endpoint. Response body: ${response.body}`);
+    }
+    return { access_token: response.body };
+}
+//# sourceMappingURL=gcp_machine_workflow.js.map

package/lib/cmap/auth/mongodb_oidc/gcp_machine_workflow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gcp_machine_workflow.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/gcp_machine_workflow.ts"],"names":[],"mappings":";;;AAAA,0CAA+C;AAC/C,0CAAqC;AAErC,yDAAuE;AAGvE,oBAAoB;AACpB,MAAM,YAAY,GAChB,+EAA+E,CAAC;AAElF,2BAA2B;AAC3B,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,iBAAiB,EAAE,QAAQ,EAAE,CAAC,CAAC;AAEnE,uEAAuE;AACvE,MAAM,4BAA4B,GAChC,sFAAsF,CAAC;AAEzF,MAAa,kBAAmB,SAAQ,kCAAe;IACrD;;OAEG;IACH,YAAY,KAAiB;QAC3B,KAAK,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,WAA8B;QAC3C,MAAM,aAAa,GAAG,WAAW,EAAE,mBAAmB,CAAC,cAAc,CAAC;QACtE,IAAI,CAAC,aAAa,EAAE;YAClB,MAAM,IAAI,qBAAa,CAAC,4BAA4B,CAAC,CAAC;SACvD;QACD,OAAO,MAAM,eAAe,CAAC,aAAa,CAAC,CAAC;IAC9C,CAAC;CACF;AAlBD,gDAkBC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAAC,aAAqB;IAClD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;IAClC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,MAAM,IAAA,WAAG,EAAC,GAAG,EAAE;QAC9B,OAAO,EAAE,WAAW;KACrB,CAAC,CAAC;IACH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;QAC3B,MAAM,IAAI,qBAAa,CACrB,eAAe,QAAQ,CAAC,MAAM,mDAAmD,QAAQ,CAAC,IAAI,EAAE,CACjG,CAAC;KACH;IACD,OAAO,EAAE,YAAY,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;AACzC,CAAC"}

package/lib/cmap/auth/mongodb_oidc/human_callback_workflow.js

@@ -0,0 +1,122 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HumanCallbackWorkflow = void 0;
+const bson_1 = require("bson");
+const error_1 = require("../../../error");
+const timeout_1 = require("../../../timeout");
+const mongodb_oidc_1 = require("../mongodb_oidc");
+const callback_workflow_1 = require("./callback_workflow");
+/**
+ * Class implementing behaviour for the non human callback workflow.
+ * @internal
+ */
+class HumanCallbackWorkflow extends callback_workflow_1.CallbackWorkflow {
+    /**
+     * Instantiate the human callback workflow.
+     */
+    constructor(cache, callback) {
+        super(cache, callback);
+    }
+    /**
+     * Execute the OIDC human callback workflow.
+     */
+    async execute(connection, credentials) {
+        // Check if the Client Cache has an access token.
+        // If it does, cache the access token in the Connection Cache and perform a One-Step SASL conversation
+        // using the access token. If the server returns an Authentication error (18),
+        // invalidate the access token token from the Client Cache, clear the Connection Cache,
+        // and restart the authentication flow. Raise any other errors to the user. On success, exit the algorithm.
+        if (this.cache.hasAccessToken) {
+            const token = this.cache.getAccessToken();
+            connection.accessToken = token;
+            try {
+                return await this.finishAuthentication(connection, credentials, token);
+            }
+            catch (error) {
+                if (error instanceof error_1.MongoError &&
+                    error.code === error_1.MONGODB_ERROR_CODES.AuthenticationFailed) {
+                    this.cache.removeAccessToken();
+                    delete connection.accessToken;
+                    return await this.execute(connection, credentials);
+                }
+                else {
+                    throw error;
+                }
+            }
+        }
+        // Check if the Client Cache has a refresh token.
+        // If it does, call the OIDC Human Callback with the cached refresh token and IdpInfo to get a
+        // new access token. Cache the new access token in the Client Cache and Connection Cache.
+        // Perform a One-Step SASL conversation using the new access token. If the the server returns
+        // an Authentication error (18), clear the refresh token, invalidate the access token from the
+        // Client Cache, clear the Connection Cache, and restart the authentication flow. Raise any other
+        // errors to the user. On success, exit the algorithm.
+        if (this.cache.hasRefreshToken) {
+            const refreshToken = this.cache.getRefreshToken();
+            const result = await this.fetchAccessToken(this.cache.getIdpInfo(), credentials, refreshToken);
+            this.cache.put(result);
+            connection.accessToken = result.accessToken;
+            try {
+                return await this.finishAuthentication(connection, credentials, result.accessToken);
+            }
+            catch (error) {
+                if (error instanceof error_1.MongoError &&
+                    error.code === error_1.MONGODB_ERROR_CODES.AuthenticationFailed) {
+                    this.cache.removeRefreshToken();
+                    delete connection.accessToken;
+                    return await this.execute(connection, credentials);
+                }
+                else {
+                    throw error;
+                }
+            }
+        }
+        // Start a new Two-Step SASL conversation.
+        // Run a PrincipalStepRequest to get the IdpInfo.
+        // Call the OIDC Human Callback with the new IdpInfo to get a new access token and optional refresh
+        // token. Drivers MUST NOT pass a cached refresh token to the callback when performing
+        // a new Two-Step conversation. Cache the new IdpInfo and refresh token in the Client Cache and the
+        // new access token in the Client Cache and Connection Cache.
+        // Attempt to authenticate using a JwtStepRequest with the new access token. Raise any errors to the user.
+        const startResponse = await this.startAuthentication(connection, credentials);
+        const conversationId = startResponse.conversationId;
+        const idpInfo = bson_1.BSON.deserialize(startResponse.payload.buffer);
+        const callbackResponse = await this.fetchAccessToken(idpInfo, credentials);
+        this.cache.put(callbackResponse, idpInfo);
+        connection.accessToken = callbackResponse.accessToken;
+        return await this.finishAuthentication(connection, credentials, callbackResponse.accessToken, conversationId);
+    }
+    /**
+     * Fetches an access token using the callback.
+     */
+    async fetchAccessToken(idpInfo, credentials, refreshToken) {
+        const controller = new AbortController();
+        const params = {
+            timeoutContext: controller.signal,
+            version: mongodb_oidc_1.OIDC_VERSION,
+            idpInfo: idpInfo
+        };
+        if (credentials.username) {
+            params.username = credentials.username;
+        }
+        if (refreshToken) {
+            params.refreshToken = refreshToken;
+        }
+        const timeout = timeout_1.Timeout.expires(callback_workflow_1.HUMAN_TIMEOUT_MS);
+        try {
+            return await Promise.race([this.executeAndValidateCallback(params), timeout]);
+        }
+        catch (error) {
+            if (timeout_1.TimeoutError.is(error)) {
+                controller.abort();
+                throw new error_1.MongoOIDCError(`OIDC callback timed out after ${callback_workflow_1.HUMAN_TIMEOUT_MS}ms.`);
+            }
+            throw error;
+        }
+        finally {
+            timeout.clear();
+        }
+    }
+}
+exports.HumanCallbackWorkflow = HumanCallbackWorkflow;
+//# sourceMappingURL=human_callback_workflow.js.map

package/lib/cmap/auth/mongodb_oidc/human_callback_workflow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"human_callback_workflow.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/human_callback_workflow.ts"],"names":[],"mappings":";;;AAAA,+BAA4B;AAE5B,0CAAiF;AACjF,8CAAyD;AAGzD,kDAMyB;AACzB,2DAAyE;AAGzE;;;GAGG;AACH,MAAa,qBAAsB,SAAQ,oCAAgB;IACzD;;OAEG;IACH,YAAY,KAAiB,EAAE,QAA8B;QAC3D,KAAK,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,UAAsB,EAAE,WAA6B;QACjE,iDAAiD;QACjD,sGAAsG;QACtG,8EAA8E;QAC9E,uFAAuF;QACvF,2GAA2G;QAC3G,IAAI,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE;YAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;YAC1C,UAAU,CAAC,WAAW,GAAG,KAAK,CAAC;YAC/B,IAAI;gBACF,OAAO,MAAM,IAAI,CAAC,oBAAoB,CAAC,UAAU,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;aACxE;YAAC,OAAO,KAAK,EAAE;gBACd,IACE,KAAK,YAAY,kBAAU;oBAC3B,KAAK,CAAC,IAAI,KAAK,2BAAmB,CAAC,oBAAoB,EACvD;oBACA,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE,CAAC;oBAC/B,OAAO,UAAU,CAAC,WAAW,CAAC;oBAC9B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;iBACpD;qBAAM;oBACL,MAAM,KAAK,CAAC;iBACb;aACF;SACF;QACD,iDAAiD;QACjD,8FAA8F;QAC9F,yFAAyF;QACzF,6FAA6F;QAC7F,8FAA8F;QAC9F,iGAAiG;QACjG,sDAAsD;QACtD,IAAI,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE;YAC9B,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;YAClD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CACxC,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,EACvB,WAAW,EACX,YAAY,CACb,CAAC;YACF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACvB,UAAU,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;YAC5C,IAAI;gBACF,OAAO,MAAM,IAAI,CAAC,oBAAoB,CAAC,UAAU,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;aACrF;YAAC,OAAO,KAAK,EAAE;gBACd,IACE,KAAK,YAAY,kBAAU;oBAC3B,KAAK,CAAC,IAAI,KAAK,2BAAmB,CAAC,oBAAoB,EACvD;oBACA,IAAI,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC;oBAChC,OAAO,UAAU,CAAC,WAAW,CAAC;oBAC9B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;iBACpD;qBAAM;oBACL,MAAM,KAAK,CAAC;iBACb;aACF;SACF;QAED,0CAA0C;QAC1C,iDAAiD;QACjD,mGAAmG;QACnG,sFAAsF;QACtF,mGAAmG;QACnG,6DAA6D;QAC7D,0GAA0G;QAC1G,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAC9E,MAAM,cAAc,GAAG,aAAa,CAAC,cAAc,CAAC;QACpD,MAAM,OAAO,GAAG,WAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM,CAAY,CAAC;QAC1E,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAC3E,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QAC1C,UAAU,CAAC,WAAW,GAAG,gBAAgB,CAAC,WAAW,CAAC;QACtD,OAAO,MAAM,IAAI,CAAC,oBAAoB,CACpC,UAAU,EACV,WAAW,EACX,gBAAgB,CAAC,WAAW,EAC5B,cAAc,CACf,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAC5B,OAAgB,EAChB,WAA6B,EAC7B,YAAqB;QAErB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,MAAM,GAAuB;YACjC,cAAc,EAAE,UAAU,CAAC,MAAM;YACjC,OAAO,EAAE,2BAAY;YACrB,OAAO,EAAE,OAAO;SACjB,CAAC;QACF,IAAI,WAAW,CAAC,QAAQ,EAAE;YACxB,MAAM,CAAC,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC;SACxC;QACD,IAAI,YAAY,EAAE;YAChB,MAAM,CAAC,YAAY,GAAG,YAAY,CAAC;SACpC;QACD,MAAM,OAAO,GAAG,iBAAO,CAAC,OAAO,CAAC,oCAAgB,CAAC,CAAC;QAClD,IAAI;YACF,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;SAC/E;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,sBAAY,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE;gBAC1B,UAAU,CAAC,KAAK,EAAE,CAAC;gBACnB,MAAM,IAAI,sBAAc,CAAC,iCAAiC,oCAAgB,KAAK,CAAC,CAAC;aAClF;YACD,MAAM,KAAK,CAAC;SACb;gBAAS;YACR,OAAO,CAAC,KAAK,EAAE,CAAC;SACjB;IACH,CAAC;CACF;AAzHD,sDAyHC"}

package/lib/cmap/auth/mongodb_oidc/machine_workflow.js

@@ -0,0 +1,107 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MachineWorkflow = void 0;
+const promises_1 = require("timers/promises");
+const utils_1 = require("../../../utils");
+const command_builders_1 = require("./command_builders");
+/** The time to throttle callback calls. */
+const THROTTLE_MS = 100;
+/**
+ * Common behaviour for OIDC machine workflows.
+ * @internal
+ */
+class MachineWorkflow {
+    /**
+     * Instantiate the machine workflow.
+     */
+    constructor(cache) {
+        this.cache = cache;
+        this.callback = this.withLock(this.getToken.bind(this));
+        this.lastExecutionTime = Date.now() - THROTTLE_MS;
+    }
+    /**
+     * Execute the workflow. Gets the token from the subclass implementation.
+     */
+    async execute(connection, credentials) {
+        const token = await this.getTokenFromCacheOrEnv(connection, credentials);
+        const command = (0, command_builders_1.finishCommandDocument)(token);
+        await connection.command((0, utils_1.ns)(credentials.source), command, undefined);
+    }
+    /**
+     * Reauthenticate on a machine workflow just grabs the token again since the server
+     * has said the current access token is invalid or expired.
+     */
+    async reauthenticate(connection, credentials) {
+        if (this.cache.hasAccessToken) {
+            // Reauthentication implies the token has expired.
+            if (connection.accessToken === this.cache.getAccessToken()) {
+                // If connection's access token is the same as the cache's, remove
+                // the token from the cache and connection.
+                this.cache.removeAccessToken();
+                delete connection.accessToken;
+            }
+            else {
+                // If the connection's access token is different from the cache's, set
+                // the cache's token on the connection and do not remove from the
+                // cache.
+                connection.accessToken = this.cache.getAccessToken();
+            }
+        }
+        await this.execute(connection, credentials);
+    }
+    /**
+     * Get the document to add for speculative authentication.
+     */
+    async speculativeAuth(connection, credentials) {
+        // The spec states only cached access tokens can use speculative auth.
+        if (!this.cache.hasAccessToken) {
+            return {};
+        }
+        const token = await this.getTokenFromCacheOrEnv(connection, credentials);
+        const document = (0, command_builders_1.finishCommandDocument)(token);
+        document.db = credentials.source;
+        return { speculativeAuthenticate: document };
+    }
+    /**
+     * Get the token from the cache or environment.
+     */
+    async getTokenFromCacheOrEnv(connection, credentials) {
+        if (this.cache.hasAccessToken) {
+            return this.cache.getAccessToken();
+        }
+        else {
+            const token = await this.callback(credentials);
+            this.cache.put({ accessToken: token.access_token, expiresInSeconds: token.expires_in });
+            // Put the access token on the connection as well.
+            connection.accessToken = token.access_token;
+            return token.access_token;
+        }
+    }
+    /**
+     * Ensure the callback is only executed one at a time, and throttled to
+     * only once per 100ms.
+     */
+    withLock(callback) {
+        let lock = Promise.resolve();
+        return async (credentials) => {
+            // We do this to ensure that we would never return the result of the
+            // previous lock, only the current callback's value would get returned.
+            await lock;
+            lock = lock
+                // eslint-disable-next-line github/no-then
+                .catch(() => null)
+                // eslint-disable-next-line github/no-then
+                .then(async () => {
+                const difference = Date.now() - this.lastExecutionTime;
+                if (difference <= THROTTLE_MS) {
+                    await (0, promises_1.setTimeout)(THROTTLE_MS - difference);
+                }
+                this.lastExecutionTime = Date.now();
+                return await callback(credentials);
+            });
+            return await lock;
+        };
+    }
+}
+exports.MachineWorkflow = MachineWorkflow;
+//# sourceMappingURL=machine_workflow.js.map

package/lib/cmap/auth/mongodb_oidc/machine_workflow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"machine_workflow.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/machine_workflow.ts"],"names":[],"mappings":";;;AACA,8CAA6C;AAE7C,0CAAoC;AAIpC,yDAA2D;AAG3D,2CAA2C;AAC3C,MAAM,WAAW,GAAG,GAAG,CAAC;AAcxB;;;GAGG;AACH,MAAsB,eAAe;IAKnC;;OAEG;IACH,YAAY,KAAiB;QAC3B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACxD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,UAAsB,EAAE,WAA6B;QACjE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,IAAA,wCAAqB,EAAC,KAAK,CAAC,CAAC;QAC7C,MAAM,UAAU,CAAC,OAAO,CAAC,IAAA,UAAE,EAAC,WAAW,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;IACvE,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,cAAc,CAAC,UAAsB,EAAE,WAA6B;QACxE,IAAI,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE;YAC7B,kDAAkD;YAClD,IAAI,UAAU,CAAC,WAAW,KAAK,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE;gBAC1D,kEAAkE;gBAClE,2CAA2C;gBAC3C,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE,CAAC;gBAC/B,OAAO,UAAU,CAAC,WAAW,CAAC;aAC/B;iBAAM;gBACL,sEAAsE;gBACtE,iEAAiE;gBACjE,SAAS;gBACT,UAAU,CAAC,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;aACtD;SACF;QACD,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,UAAsB,EAAE,WAA6B;QACzE,sEAAsE;QACtE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE;YAC9B,OAAO,EAAE,CAAC;SACX;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,IAAA,wCAAqB,EAAC,KAAK,CAAC,CAAC;QAC9C,QAAQ,CAAC,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC;QACjC,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,CAAC;IAC/C,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAClC,UAAsB,EACtB,WAA6B;QAE7B,IAAI,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE;YAC7B,OAAO,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,CAAC;SACpC;aAAM;YACL,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC/C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,KAAK,CAAC,YAAY,EAAE,gBAAgB,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;YACxF,kDAAkD;YAClD,UAAU,CAAC,WAAW,GAAG,KAAK,CAAC,YAAY,CAAC;YAC5C,OAAO,KAAK,CAAC,YAAY,CAAC;SAC3B;IACH,CAAC;IAED;;;OAGG;IACK,QAAQ,CAAC,QAA2B;QAC1C,IAAI,IAAI,GAAiB,OAAO,CAAC,OAAO,EAAE,CAAC;QAC3C,OAAO,KAAK,EAAE,WAA6B,EAAwB,EAAE;YACnE,oEAAoE;YACpE,uEAAuE;YACvE,MAAM,IAAI,CAAC;YACX,IAAI,GAAG,IAAI;gBACT,0CAA0C;iBACzC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;gBAClB,0CAA0C;iBACzC,IAAI,CAAC,KAAK,IAAI,EAAE;gBACf,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC;gBACvD,IAAI,UAAU,IAAI,WAAW,EAAE;oBAC7B,MAAM,IAAA,qBAAU,EAAC,WAAW,GAAG,UAAU,CAAC,CAAC;iBAC5C;gBACD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACpC,OAAO,MAAM,QAAQ,CAAC,WAAW,CAAC,CAAC;YACrC,CAAC,CAAC,CAAC;YACL,OAAO,MAAM,IAAI,CAAC;QACpB,CAAC,CAAC;IACJ,CAAC;CAMF;AA3GD,0CA2GC"}

package/lib/cmap/auth/mongodb_oidc/token_cache.js

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenCache = void 0;
+const error_1 = require("../../../error");
+class MongoOIDCError extends error_1.MongoDriverError {
+}
+/** @internal */
+class TokenCache {
+    get hasAccessToken() {
+        return !!this.accessToken;
+    }
+    get hasRefreshToken() {
+        return !!this.refreshToken;
+    }
+    get hasIdpInfo() {
+        return !!this.idpInfo;
+    }
+    getAccessToken() {
+        if (!this.accessToken) {
+            throw new MongoOIDCError('Attempted to get an access token when none exists.');
+        }
+        return this.accessToken;
+    }
+    getRefreshToken() {
+        if (!this.refreshToken) {
+            throw new MongoOIDCError('Attempted to get a refresh token when none exists.');
+        }
+        return this.refreshToken;
+    }
+    getIdpInfo() {
+        if (!this.idpInfo) {
+            throw new MongoOIDCError('Attempted to get IDP information when none exists.');
+        }
+        return this.idpInfo;
+    }
+    put(response, idpInfo) {
+        this.accessToken = response.accessToken;
+        this.refreshToken = response.refreshToken;
+        this.expiresInSeconds = response.expiresInSeconds;
+        if (idpInfo) {
+            this.idpInfo = idpInfo;
+        }
+    }
+    removeAccessToken() {
+        this.accessToken = undefined;
+    }
+    removeRefreshToken() {
+        this.refreshToken = undefined;
+    }
+}
+exports.TokenCache = TokenCache;
+//# sourceMappingURL=token_cache.js.map

package/lib/cmap/auth/mongodb_oidc/token_cache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token_cache.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/token_cache.ts"],"names":[],"mappings":";;;AAAA,0CAAkD;AAGlD,MAAM,cAAe,SAAQ,wBAAgB;CAAG;AAEhD,gBAAgB;AAChB,MAAa,UAAU;IAMrB,IAAI,cAAc;QAChB,OAAO,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC;IAC5B,CAAC;IAED,IAAI,eAAe;QACjB,OAAO,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;IAC7B,CAAC;IAED,IAAI,UAAU;QACZ,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;IACxB,CAAC;IAED,cAAc;QACZ,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE;YACrB,MAAM,IAAI,cAAc,CAAC,oDAAoD,CAAC,CAAC;SAChF;QACD,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,eAAe;QACb,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE;YACtB,MAAM,IAAI,cAAc,CAAC,oDAAoD,CAAC,CAAC;SAChF;QACD,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,UAAU;QACR,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;YACjB,MAAM,IAAI,cAAc,CAAC,oDAAoD,CAAC,CAAC;SAChF;QACD,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,GAAG,CAAC,QAAsB,EAAE,OAAiB;QAC3C,IAAI,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;QACxC,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC;QAC1C,IAAI,CAAC,gBAAgB,GAAG,QAAQ,CAAC,gBAAgB,CAAC;QAClD,IAAI,OAAO,EAAE;YACX,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;SACxB;IACH,CAAC;IAED,iBAAiB;QACf,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;IAC/B,CAAC;IAED,kBAAkB;QAChB,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;IAChC,CAAC;CACF;AAvDD,gCAuDC"}

package/lib/cmap/auth/mongodb_oidc/token_machine_workflow.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenMachineWorkflow = void 0;
+const fs = require("fs");
+const error_1 = require("../../../error");
+const machine_workflow_1 = require("./machine_workflow");
+/** Error for when the token is missing in the environment. */
+const TOKEN_MISSING_ERROR = 'OIDC_TOKEN_FILE must be set in the environment.';
+/**
+ * Device workflow implementation for AWS.
+ *
+ * @internal
+ */
+class TokenMachineWorkflow extends machine_workflow_1.MachineWorkflow {
+    /**
+     * Instantiate the machine workflow.
+     */
+    constructor(cache) {
+        super(cache);
+    }
+    /**
+     * Get the token from the environment.
+     */
+    async getToken() {
+        const tokenFile = process.env.OIDC_TOKEN_FILE;
+        if (!tokenFile) {
+            throw new error_1.MongoAWSError(TOKEN_MISSING_ERROR);
+        }
+        const token = await fs.promises.readFile(tokenFile, 'utf8');
+        return { access_token: token };
+    }
+}
+exports.TokenMachineWorkflow = TokenMachineWorkflow;
+//# sourceMappingURL=token_machine_workflow.js.map

package/lib/cmap/auth/mongodb_oidc/token_machine_workflow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token_machine_workflow.js","sourceRoot":"","sources":["../../../../src/cmap/auth/mongodb_oidc/token_machine_workflow.ts"],"names":[],"mappings":";;;AAAA,yBAAyB;AAEzB,0CAA+C;AAC/C,yDAAuE;AAGvE,8DAA8D;AAC9D,MAAM,mBAAmB,GAAG,iDAAiD,CAAC;AAE9E;;;;GAIG;AACH,MAAa,oBAAqB,SAAQ,kCAAe;IACvD;;OAEG;IACH,YAAY,KAAiB;QAC3B,KAAK,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ;QACZ,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC9C,IAAI,CAAC,SAAS,EAAE;YACd,MAAM,IAAI,qBAAa,CAAC,mBAAmB,CAAC,CAAC;SAC9C;QACD,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC5D,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC;IACjC,CAAC;CACF;AAnBD,oDAmBC"}

package/lib/cmap/auth/mongodb_oidc.js

@@ -1,45 +1,58 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MongoDBOIDC = exports.OIDC_WORKFLOWS = void 0;
+exports.MongoDBOIDC = exports.OIDC_WORKFLOWS = exports.OIDC_VERSION = void 0;
 const error_1 = require("../../error");
 const auth_provider_1 = require("./auth_provider");
-const aws_service_workflow_1 = require("./mongodb_oidc/aws_service_workflow");
-const azure_service_workflow_1 = require("./mongodb_oidc/azure_service_workflow");
-const callback_workflow_1 = require("./mongodb_oidc/callback_workflow");
+const azure_machine_workflow_1 = require("./mongodb_oidc/azure_machine_workflow");
+const gcp_machine_workflow_1 = require("./mongodb_oidc/gcp_machine_workflow");
+const token_cache_1 = require("./mongodb_oidc/token_cache");
+const token_machine_workflow_1 = require("./mongodb_oidc/token_machine_workflow");
 /** Error when credentials are missing. */
 const MISSING_CREDENTIALS_ERROR = 'AuthContext must provide credentials.';
+/** The current version of OIDC implementation. */
+exports.OIDC_VERSION = 1;
 /** @internal */
 exports.OIDC_WORKFLOWS = new Map();
-exports.OIDC_WORKFLOWS.set('callback', new callback_workflow_1.CallbackWorkflow());
-exports.OIDC_WORKFLOWS.set('aws', new aws_service_workflow_1.AwsServiceWorkflow());
-exports.OIDC_WORKFLOWS.set('azure', new azure_service_workflow_1.AzureServiceWorkflow());
+exports.OIDC_WORKFLOWS.set('test', () => new token_machine_workflow_1.TokenMachineWorkflow(new token_cache_1.TokenCache()));
+exports.OIDC_WORKFLOWS.set('azure', () => new azure_machine_workflow_1.AzureMachineWorkflow(new token_cache_1.TokenCache()));
+exports.OIDC_WORKFLOWS.set('gcp', () => new gcp_machine_workflow_1.GCPMachineWorkflow(new token_cache_1.TokenCache()));
 /**
  * OIDC auth provider.
- * @experimental
  */
 class MongoDBOIDC extends auth_provider_1.AuthProvider {
     /**
      * Instantiate the auth provider.
      */
-    constructor() {
+    constructor(workflow) {
         super();
+        if (!workflow) {
+            throw new error_1.MongoInvalidArgumentError('No workflow provided to the OIDC auth provider.');
+        }
+        this.workflow = workflow;
     }
     /**
      * Authenticate using OIDC
      */
     async auth(authContext) {
         const { connection, reauthenticating, response } = authContext;
+        if (response?.speculativeAuthenticate?.done) {
+            return;
+        }
         const credentials = getCredentials(authContext);
-        const workflow = getWorkflow(credentials);
-        await workflow.execute(connection, credentials, reauthenticating, response);
+        if (reauthenticating) {
+            await this.workflow.reauthenticate(connection, credentials);
+        }
+        else {
+            await this.workflow.execute(connection, credentials, response);
+        }
     }
     /**
      * Add the speculative auth for the initial handshake.
      */
     async prepare(handshakeDoc, authContext) {
+        const { connection } = authContext;
         const credentials = getCredentials(authContext);
-        const workflow = getWorkflow(credentials);
-        const result = await workflow.speculativeAuth(credentials);
+        const result = await this.workflow.speculativeAuth(connection, credentials);
         return { ...handshakeDoc, ...result };
     }
 }
@@ -54,15 +67,4 @@ function getCredentials(authContext) {
     }
     return credentials;
 }
-/**
- * Gets either a device workflow or callback workflow.
- */
-function getWorkflow(credentials) {
-    const providerName = credentials.mechanismProperties.PROVIDER_NAME;
-    const workflow = exports.OIDC_WORKFLOWS.get(providerName || 'callback');
-    if (!workflow) {
-        throw new error_1.MongoInvalidArgumentError(`Could not load workflow for provider ${credentials.mechanismProperties.PROVIDER_NAME}`);
-    }
-    return workflow;
-}
 //# sourceMappingURL=mongodb_oidc.js.map

package/lib/cmap/auth/mongodb_oidc.js.map

@@ -1 +1 @@
-{"version":3,"file":"mongodb_oidc.js","sourceRoot":"","sources":["../../../src/cmap/auth/mongodb_oidc.ts"],"names":[],"mappings":";;;AAEA,uCAAsF;AAGtF,mDAAiE;AAEjE,8EAAyE;AACzE,kFAA6E;AAC7E,wEAAoE;AAEpE,0CAA0C;AAC1C,MAAM,yBAAyB,GAAG,uCAAuC,CAAC;AAuE1E,gBAAgB;AACH,QAAA,cAAc,GAAgC,IAAI,GAAG,EAAE,CAAC;AACrE,sBAAc,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,oCAAgB,EAAE,CAAC,CAAC;AACvD,sBAAc,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,yCAAkB,EAAE,CAAC,CAAC;AACpD,sBAAc,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,6CAAoB,EAAE,CAAC,CAAC;AAExD;;;GAGG;AACH,MAAa,WAAY,SAAQ,4BAAY;IAC3C;;OAEG;IACH;QACE,KAAK,EAAE,CAAC;IACV,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,IAAI,CAAC,WAAwB;QAC1C,MAAM,EAAE,UAAU,EAAE,gBAAgB,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC;QAC/D,MAAM,WAAW,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,QAAQ,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,WAAW,EAAE,gBAAgB,EAAE,QAAQ,CAAC,CAAC;IAC9E,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,OAAO,CACpB,YAA+B,EAC/B,WAAwB;QAExB,MAAM,WAAW,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,QAAQ,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAC3D,OAAO,EAAE,GAAG,YAAY,EAAE,GAAG,MAAM,EAAE,CAAC;IACxC,CAAC;CACF;AA9BD,kCA8BC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,WAAwB;IAC9C,MAAM,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;IACpC,IAAI,CAAC,WAAW,EAAE;QAChB,MAAM,IAAI,oCAA4B,CAAC,yBAAyB,CAAC,CAAC;KACnE;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,WAA6B;IAChD,MAAM,YAAY,GAAG,WAAW,CAAC,mBAAmB,CAAC,aAAa,CAAC;IACnE,MAAM,QAAQ,GAAG,sBAAc,CAAC,GAAG,CAAC,YAAY,IAAI,UAAU,CAAC,CAAC;IAChE,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,iCAAyB,CACjC,wCAAwC,WAAW,CAAC,mBAAmB,CAAC,aAAa,EAAE,CACxF,CAAC;KACH;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}
+{"version":3,"file":"mongodb_oidc.js","sourceRoot":"","sources":["../../../src/cmap/auth/mongodb_oidc.ts"],"names":[],"mappings":";;;AAEA,uCAAsF;AAGtF,mDAAiE;AAEjE,kFAA6E;AAC7E,8EAAyE;AACzE,4DAAwD;AACxD,kFAA6E;AAE7E,0CAA0C;AAC1C,MAAM,yBAAyB,GAAG,uCAAuC,CAAC;AA2E1E,kDAAkD;AACrC,QAAA,YAAY,GAAG,CAAC,CAAC;AA2B9B,gBAAgB;AACH,QAAA,cAAc,GAAyC,IAAI,GAAG,EAAE,CAAC;AAC9E,sBAAc,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,IAAI,6CAAoB,CAAC,IAAI,wBAAU,EAAE,CAAC,CAAC,CAAC;AAC7E,sBAAc,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,6CAAoB,CAAC,IAAI,wBAAU,EAAE,CAAC,CAAC,CAAC;AAC9E,sBAAc,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI,yCAAkB,CAAC,IAAI,wBAAU,EAAE,CAAC,CAAC,CAAC;AAE1E;;GAEG;AACH,MAAa,WAAY,SAAQ,4BAAY;IAG3C;;OAEG;IACH,YAAY,QAAmB;QAC7B,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,QAAQ,EAAE;YACb,MAAM,IAAI,iCAAyB,CAAC,iDAAiD,CAAC,CAAC;SACxF;QACD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,IAAI,CAAC,WAAwB;QAC1C,MAAM,EAAE,UAAU,EAAE,gBAAgB,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC;QAC/D,IAAI,QAAQ,EAAE,uBAAuB,EAAE,IAAI,EAAE;YAC3C,OAAO;SACR;QACD,MAAM,WAAW,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;QAChD,IAAI,gBAAgB,EAAE;YACpB,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;SAC7D;aAAM;YACL,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;SAChE;IACH,CAAC;IAED;;OAEG;IACM,KAAK,CAAC,OAAO,CACpB,YAA+B,EAC/B,WAAwB;QAExB,MAAM,EAAE,UAAU,EAAE,GAAG,WAAW,CAAC;QACnC,MAAM,WAAW,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAC5E,OAAO,EAAE,GAAG,YAAY,EAAE,GAAG,MAAM,EAAE,CAAC;IACxC,CAAC;CACF;AA1CD,kCA0CC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,WAAwB;IAC9C,MAAM,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;IACpC,IAAI,CAAC,WAAW,EAAE;QAChB,MAAM,IAAI,oCAA4B,CAAC,yBAAyB,CAAC,CAAC;KACnE;IACD,OAAO,WAAW,CAAC;AACrB,CAAC"}

package/lib/cmap/auth/providers.js

@@ -11,7 +11,6 @@ exports.AuthMechanism = Object.freeze({
     MONGODB_SCRAM_SHA1: 'SCRAM-SHA-1',
     MONGODB_SCRAM_SHA256: 'SCRAM-SHA-256',
     MONGODB_X509: 'MONGODB-X509',
-    /** @experimental */
     MONGODB_OIDC: 'MONGODB-OIDC'
 });
 /** @internal */

package/lib/cmap/auth/providers.js.map

@@ -1 +1 @@
-{"version":3,"file":"providers.js","sourceRoot":"","sources":["../../../src/cmap/auth/providers.ts"],"names":[],"mappings":";;;AAAA,cAAc;AACD,QAAA,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC;IACzC,WAAW,EAAE,aAAa;IAC1B,UAAU,EAAE,YAAY;IACxB,eAAe,EAAE,SAAS;IAC1B,cAAc,EAAE,QAAQ;IACxB,aAAa,EAAE,OAAO;IACtB,kBAAkB,EAAE,aAAa;IACjC,oBAAoB,EAAE,eAAe;IACrC,YAAY,EAAE,cAAc;IAC5B,oBAAoB;IACpB,YAAY,EAAE,cAAc;CACpB,CAAC,CAAC;AAKZ,gBAAgB;AACH,QAAA,4BAA4B,GAAG,IAAI,GAAG,CAAgB;IACjE,qBAAa,CAAC,cAAc;IAC5B,qBAAa,CAAC,WAAW;IACzB,qBAAa,CAAC,YAAY;IAC1B,qBAAa,CAAC,YAAY;CAC3B,CAAC,CAAC"}
+{"version":3,"file":"providers.js","sourceRoot":"","sources":["../../../src/cmap/auth/providers.ts"],"names":[],"mappings":";;;AAAA,cAAc;AACD,QAAA,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC;IACzC,WAAW,EAAE,aAAa;IAC1B,UAAU,EAAE,YAAY;IACxB,eAAe,EAAE,SAAS;IAC1B,cAAc,EAAE,QAAQ;IACxB,aAAa,EAAE,OAAO;IACtB,kBAAkB,EAAE,aAAa;IACjC,oBAAoB,EAAE,eAAe;IACrC,YAAY,EAAE,cAAc;IAC5B,YAAY,EAAE,cAAc;CACpB,CAAC,CAAC;AAKZ,gBAAgB;AACH,QAAA,4BAA4B,GAAG,IAAI,GAAG,CAAgB;IACjE,qBAAa,CAAC,cAAc;IAC5B,qBAAa,CAAC,WAAW;IACzB,qBAAa,CAAC,YAAY;IAC1B,qBAAa,CAAC,YAAY;CAC3B,CAAC,CAAC"}

package/lib/cmap/connect.js

@@ -52,7 +52,7 @@ async function performInitialHandshake(conn, options) {
     const credentials = options.credentials;
     if (credentials) {
         if (!(credentials.mechanism === providers_1.AuthMechanism.MONGODB_DEFAULT) &&
-            !options.authProviders.getOrCreateProvider(credentials.mechanism)) {
+            !options.authProviders.getOrCreateProvider(credentials.mechanism, credentials.mechanismProperties)) {
             throw new error_1.MongoInvalidArgumentError(`AuthMechanism '${credentials.mechanism}' not supported`);
         }
     }
@@ -93,7 +93,7 @@ async function performInitialHandshake(conn, options) {
         // store the response on auth context
         authContext.response = response;
         const resolvedCredentials = credentials.resolveAuthMechanism(response);
-        const provider = options.authProviders.getOrCreateProvider(resolvedCredentials.mechanism);
+        const provider = options.authProviders.getOrCreateProvider(resolvedCredentials.mechanism, resolvedCredentials.mechanismProperties);
         if (!provider) {
             throw new error_1.MongoInvalidArgumentError(`No AuthProvider for ${resolvedCredentials.mechanism} defined.`);
         }
@@ -138,14 +138,14 @@ async function prepareHandshakeDocument(authContext) {
     if (credentials) {
         if (credentials.mechanism === providers_1.AuthMechanism.MONGODB_DEFAULT && credentials.username) {
             handshakeDoc.saslSupportedMechs = `${credentials.source}.${credentials.username}`;
-            const provider = authContext.options.authProviders.getOrCreateProvider(providers_1.AuthMechanism.MONGODB_SCRAM_SHA256);
+            const provider = authContext.options.authProviders.getOrCreateProvider(providers_1.AuthMechanism.MONGODB_SCRAM_SHA256, credentials.mechanismProperties);
             if (!provider) {
                 // This auth mechanism is always present.
                 throw new error_1.MongoInvalidArgumentError(`No AuthProvider for ${providers_1.AuthMechanism.MONGODB_SCRAM_SHA256} defined.`);
             }
             return await provider.prepare(handshakeDoc, authContext);
         }
-        const provider = authContext.options.authProviders.getOrCreateProvider(credentials.mechanism);
+        const provider = authContext.options.authProviders.getOrCreateProvider(credentials.mechanism, credentials.mechanismProperties);
         if (!provider) {
             throw new error_1.MongoInvalidArgumentError(`No AuthProvider for ${credentials.mechanism} defined.`);
         }