diff --git a/source/fundamentals/authentication/enterprise-mechanisms.txt b/source/fundamentals/authentication/enterprise-mechanisms.txt index ba5aeae8..81c68ad0 100644 --- a/source/fundamentals/authentication/enterprise-mechanisms.txt +++ b/source/fundamentals/authentication/enterprise-mechanisms.txt @@ -7,7 +7,7 @@ Enterprise Authentication Mechanisms .. contents:: On this page :local: :backlinks: none - :depth: 1 + :depth: 2 :class: singlecol .. facet:: @@ -21,8 +21,8 @@ In this guide, you can find sample code for connection to MongoDB with each authentication mechanism available in the MongoDB Enterprise Edition: ``Kerberos (GSSAPI/SSPI)``, ``LDAP (PLAIN)``, and ``MONGODB-OIDC``. -``Kerberos (GSSAPI/SSPI)`` --------------------------- +Kerberos (GSSAPI/SSPI) +---------------------- .. note:: The Node.js driver supports Kerberos on UNIX using the MIT Kerberos library @@ -102,8 +102,8 @@ The following code sample authenticates to Kerberos for UNIX using ``GSSAPI``. `GSSAPI RFC-4652 `_, the SASL mechanism. -``LDAP (PLAIN)`` ----------------- +LDAP (PLAIN) +------------ The ``PLAIN`` authentication mechanism uses your username and password to authenticate to a Lightweight Directory Access Protocol (LDAP) server. 
@@ -226,12 +226,35 @@ The following code example shows how to set the preceding connection options: + "&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:"; const client = new MongoClient(uri); +Kubernetes +~~~~~~~~~~ + +If your application runs on a Kubernetes cluster, you can authenticate to MongoDB by using +the {+driver-short+}'s built-in Kubernetes support. + +To specify Kubernetes OIDC as the authentication mechanism, set the following +options in your connection string: + +- ``authMechanism``: Set to ``MONGODB-OIDC``. +- ``authMechanismProperties``: Set to ``ENVIRONMENT:k8s``. + +The following code example shows how to set the preceding connection options: + +.. code-block:: js + :emphasize-lines: 3-4 + + import { MongoClient } from "mongodb"; + + const uri = "mongodb://:/?authMechanism=MONGODB-OIDC" + + "&authMechanismProperties=ENVIRONMENT:k8s"; + const client = new MongoClient(uri); + Custom Callback ~~~~~~~~~~~~~~~ The {+driver-short+} doesn't offer built-in support for all platforms, including -Azure Functions and Azure Kubernetes Service (AKS). Instead, you -must define a custom callback to use OIDC to authenticate from these platforms. +Azure Functions. Instead, you must define a custom callback to use OIDC to +authenticate from these platforms. First, define a function that retrieves the access token to use for OIDC authentication. This function must have the following signature:
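Review bot: The heading changes in the @@ -21,8 and @@ -102,8 hunks drop the literal markup from the Kerberos and LDAP headings, but the patch has no matching hunk for a MONGODB-OIDC heading, and the intro paragraph in the context lines still lists all three mechanism names as literals. If the MONGODB-OIDC section heading is still wrapped in double backticks, change it in this patch as well so the three top-level headings render the same way in the "On this page" contents.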
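Review bot: The new Kubernetes section in the @@ -226,12 hunk tells the reader to set ENVIRONMENT:k8s but never says where the driver obtains the OIDC token or what the cluster has to provide for that to work. In the same hunk the Custom Callback paragraph removes Azure Kubernetes Service (AKS) from the list of unsupported platforms, yet the new section does not name AKS or any other Kubernetes platform as covered. Suggest adding a sentence that lists the supported Kubernetes platforms and the token source the driver reads, and a note on the minimum driver version, so a reader on AKS who followed the custom-callback path knows to switch. The GCP example in the context lines passes a TOKEN_RESOURCE property while the k8s example passes none; if no audience property is required for k8s, say so explicitly.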