DOCSP-44256 Add Kubernetes Support for OIDC (#950)
* DOCSP-44256 Add Kubernetes Support for OIDC

* edits and remove monospace from titles

* change depth to 2

* tech review fix for import
lindseymoore authored Dec 16, 2024
1 parent b12b677 commit 3e0e04e
Showing 1 changed file with 30 additions and 7 deletions.
37 changes: 30 additions & 7 deletions source/fundamentals/authentication/enterprise-mechanisms.txt
Expand Up @@ -7,7 +7,7 @@ Enterprise Authentication Mechanisms
.. contents:: On this page
:local:
:backlinks: none
:depth: 1
:depth: 2
:class: singlecol

.. facet::
Expand All @@ -21,8 +21,8 @@ In this guide, you can find sample code for connection to MongoDB with each
authentication mechanism available in the MongoDB Enterprise Edition:
``Kerberos (GSSAPI/SSPI)``, ``LDAP (PLAIN)``, and ``MONGODB-OIDC``.

``Kerberos (GSSAPI/SSPI)``
--------------------------
Kerberos (GSSAPI/SSPI)
----------------------

.. note::
The Node.js driver supports Kerberos on UNIX using the MIT Kerberos library
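Review bot: The introductory sentence at the top of this hunk still writes ``Kerberos (GSSAPI/SSPI)`` and ``LDAP (PLAIN)`` as literals while the section titles now drop the monospace, so the same names are styled two ways on one page. Consider removing the literal markup from the descriptive names in the intro as well and keeping it only for values a reader actually types, such as ``MONGODB-OIDC``.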
Expand Down Expand Up @@ -102,8 +102,8 @@ The following code sample authenticates to Kerberos for UNIX using ``GSSAPI``.
`GSSAPI RFC-4652 <https://tools.ietf.org/html/rfc4752>`_, the SASL
mechanism.

``LDAP (PLAIN)``
----------------
LDAP (PLAIN)
------------

The ``PLAIN`` authentication mechanism uses your username and password to
authenticate to a Lightweight Directory Access Protocol (LDAP) server.
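Review bot: The link in the context lines just above the LDAP heading is labelled "GSSAPI RFC-4652" but its target is https://tools.ietf.org/html/rfc4752, so the label and the URL disagree. RFC 4752 is the GSSAPI SASL mechanism, which makes the label the wrong half; since this commit already edits the adjacent heading, fix the label to read RFC-4752 in the same pass.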
Expand Down Expand Up @@ -226,12 +226,35 @@ The following code example shows how to set the preceding connection options:
+ "&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:<audience>";
const client = new MongoClient(uri);

Kubernetes
~~~~~~~~~~

If your application runs on a Kubernetes cluster, you can authenticate to MongoDB by using
the {+driver-short+}'s built-in Kubernetes support.

To specify Kubernetes OIDC as the authentication mechanism, set the following
options in your connection string:

- ``authMechanism``: Set to ``MONGODB-OIDC``.
- ``authMechanismProperties``: Set to ``ENVIRONMENT:k8s``.

The following code example shows how to set the preceding connection options:

.. code-block:: js
:emphasize-lines: 3-4

import { MongoClient } from "mongodb";

const uri = "mongodb://<hostname>:<port>/?authMechanism=MONGODB-OIDC"
+ "&authMechanismProperties=ENVIRONMENT:k8s";
const client = new MongoClient(uri);

Custom Callback
~~~~~~~~~~~~~~~

The {+driver-short+} doesn't offer built-in support for all platforms, including
Azure Functions and Azure Kubernetes Service (AKS). Instead, you
must define a custom callback to use OIDC to authenticate from these platforms.
Azure Functions. Instead, you must define a custom callback to use OIDC to
authenticate from these platforms.

First, define a function that retrieves the access token to use for OIDC authentication.
This function must have the following signature:
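Review bot: The new Kubernetes section tells the reader to set ``ENVIRONMENT:k8s`` but never says which token the driver presents or what the pod must provide for it, so someone reviewing a deployment cannot tell which identity MongoDB will see; add a sentence on the token source and any cluster-side prerequisites. In the Custom Callback paragraph, removing AKS leaves "including Azure Functions ... from these platforms" with a single example: state in the Kubernetes section that AKS is covered by ``ENVIRONMENT:k8s`` if that is the intent, and reword the closing phrase to match the one remaining platform.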