diff --git a/source/fundamentals/authentication/oidc.txt b/source/fundamentals/authentication/oidc.txt index dae82f66..66ebb19d 100644 --- a/source/fundamentals/authentication/oidc.txt +++ b/source/fundamentals/authentication/oidc.txt @@ -79,8 +79,6 @@ using a ``MongoCredential`` object or as part of the connection string. Select t :guilabel:`Connection String` or :guilabel:`MongoCredential` tab to see the corresponding syntax. -.. include:: /includes/comma-auth-options.rst - .. tabs:: .. tab:: Connection String @@ -127,8 +125,6 @@ using a ``MongoCredential`` object or as part of the connection string. Select t :guilabel:`Connection String` or :guilabel:`MongoCredential` tab to see the corresponding syntax. -.. include:: /includes/comma-auth-options.rst - .. tabs:: .. tab:: Connection String @@ -159,11 +155,51 @@ see the corresponding syntax. .WithMechanismProperty("TOKEN_RESOURCE", ""); var client = new MongoClient(mongoClientSettings); +Kubernetes +~~~~~~~~~~ + +If your application runs on a Kubernetes cluster, you can authenticate to MongoDB by using +the {+driver-short+}'s built-in Kubernetes support. + +You can specify Kubernetes OIDC authentication on a ``MongoClientSettings`` object either by +using a ``MongoCredential`` object or as part of the connection string. Select the +:guilabel:`Connection String` or :guilabel:`MongoCredential` tab to +see the corresponding syntax. + +.. tabs:: + + .. tab:: Connection String + :tabid: oidc-kubernetes-connection-string + + The following code example shows how to specify Kubernetes OIDC authentication as + part of the connection string: + + .. code-block:: csharp + + var connectionString = "mongodb://[:]/?authMechanism=MONGODB-OIDC" + + "&authMechanismProperties=ENVIRONMENT:k8s"; + var mongoClientSettings = MongoClientSettings.FromConnectionString(connectionString); + var client = new MongoClient(mongoClientSettings); + + .. tab:: MongoCredential + :tabid: oidc-kubernetes-mongo-credential + + The following code example shows how to specify Kubernetes OIDC authentication by using + a ``MongoCredential`` object: + + .. code-block:: csharp + + var mongoClientSettings = MongoClientSettings.FromConnectionString( + "mongodb://[:]"); + mongoClientSettings.Credential = MongoCredential + .CreateOidcCredential("k8s") + var client = new MongoClient(mongoClientSettings); + Custom Callback ~~~~~~~~~~~~~~~ The {+driver-short+} doesn't offer built-in support for all platforms, including -Azure Functions and Azure Kubernetes Service (AKS). Instead, you +Azure Functions. Instead, you must define a custom callback to use OIDC to authenticate from these platforms. First, define a class that implements the ``IOidcCallback`` interface. This interface diff --git a/source/includes/comma-auth-options.rst b/source/includes/comma-auth-options.rst index a5ac6ac4..4e7a9042 100644 --- a/source/includes/comma-auth-options.rst +++ b/source/includes/comma-auth-options.rst @@ -1,6 +1,5 @@ .. note:: - You cannot pass values containing the comma (``,``) character to the - ``authMechanismProperties`` connection string parameter. - You must specify values that contain commas in a ``MongoCredential`` object, - as demonstrated in the :guilabel:`MongoCredential` tab. \ No newline at end of file + If you pass a value containing the comma (``,``) character to the + ``authMechanismProperties`` connection string parameter, you must + percent-encode the comma character as ``%2C``. \ No newline at end of file