RUST-1662: Correctly handle Client and Connection caching, add Speculative Auth

.evergreen/config.yml

@@ -295,9 +295,9 @@ buildvariants:
 
   - name: oidc
     display_name: OIDC
-    patchable: false
+    patchable: true
     run_on:
-      - rhel87-small
+      - ubuntu2204-small
     expansions:
       AUTH: auth
       SSL: ssl

src/client/auth.rs

@@ -195,7 +195,7 @@ impl AuthMechanism {
                     ));
                 }
                 // TODO RUST-1660: Handle specific provider validation, perhaps also do Azure as
-                // part of this ticket.
+                // part of this ticket. Specific providers will add predefined oidc_callback here
                 if credential
                     .source
                     .as_ref()
@@ -279,7 +279,9 @@ impl AuthMechanism {
                 x509::build_speculative_client_first(credential),
             )))),
             Self::Plain => Ok(None),
-            Self::MongoDbOidc => Ok(None),
+            Self::MongoDbOidc => Ok(Some(ClientFirst::Oidc(Box::new(
+                oidc::build_speculative_client_first(credential),
+            )))),
             #[cfg(feature = "aws-auth")]
             AuthMechanism::MongoDbAws => Ok(None),
             AuthMechanism::MongoDbCr => Err(ErrorKind::Authentication {
@@ -332,7 +334,7 @@ impl AuthMechanism {
             }
             .into()),
             AuthMechanism::MongoDbOidc => {
-                oidc::authenticate_stream(stream, credential, server_api).await
+                oidc::authenticate_stream(stream, credential, server_api, None).await
             }
             _ => Err(ErrorKind::Authentication {
                 message: format!("Authentication mechanism {:?} not yet implemented.", self),
@@ -459,6 +461,9 @@ impl Credential {
                 FirstRound::X509(server_first) => {
                     x509::authenticate_stream(conn, self, server_api, server_first).await
                 }
+                FirstRound::Oidc(server_first) => {
+                    oidc::authenticate_stream(conn, self, server_api, server_first).await
+                }
             };
         }
 
@@ -517,13 +522,15 @@ impl Debug for Credential {
 pub(crate) enum ClientFirst {
     Scram(ScramVersion, scram::ClientFirst),
     X509(Box<Command>),
+    Oidc(Box<Command>),
 }
 
 impl ClientFirst {
     pub(crate) fn to_document(&self) -> Document {
         match self {
             Self::Scram(version, client_first) => client_first.to_command(version).body,
             Self::X509(command) => command.body.clone(),
+            Self::Oidc(command) => command.body.clone(),
         }
     }
 
@@ -537,6 +544,7 @@ impl ClientFirst {
                 },
             ),
             Self::X509(..) => FirstRound::X509(server_first),
+            Self::Oidc(..) => FirstRound::Oidc(server_first),
         }
     }
 }
@@ -547,6 +555,7 @@ impl ClientFirst {
 pub(crate) enum FirstRound {
     Scram(ScramVersion, scram::FirstRound),
     X509(Document),
+    Oidc(Document),
 }
 
 pub(crate) fn generate_nonce_bytes() -> [u8; 32] {