Skip to content

DRIVERS-3207: Custom AWS credential providers execute earlier #1838

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

DRIVERS-3207: Custom AWS credential providers execute earlier #1838

wants to merge 8 commits into from

Conversation

durran
Copy link
Member

@durran durran commented Sep 9, 2025
edited
Loading

Updates the AWS auth spec to require drivers that implement custom AWS credential providers to use the custom provider before any other method.

Updates test wording to include the extra scenario for testing a custom provider when explicit credentials are also provided.

Node implementation: mongodb/node-mongodb-native#4656

Please complete the following before merging:

  • Update changelog.
  • Test changes in at least one language driver.
  • Test these changes against all server versions and topologies (including standalone, replica set, and sharded
    clusters).

@durran durran force-pushed the DRIVERS-3207 branch 2 times, most recently from 174d5cb to b2ae9b3 Compare September 9, 2025 18:03
@durran durran marked this pull request as ready for review September 10, 2025 12:47
@durran durran requested a review from a team as a code owner September 10, 2025 12:47
@durran durran requested review from JamesKovacs and removed request for a team September 10, 2025 12:47
baileympearson
baileympearson requested changes Sep 10, 2025
View reviewed changes
dariakp
dariakp requested changes Sep 10, 2025
View reviewed changes
@dariakp dariakp self-assigned this Sep 10, 2025
@durran
Copy link
Member Author

durran commented Sep 11, 2025

#1838 (comment)

I have added a prose test for FLE in case 26. Case 15 I don't believe is relevant as it pertains to automatic credential fetching, which means nothing is provided. Even with the changes in this PR the order on automatic credential fetching is the same.

@durran durran requested a review from a team as a code owner September 11, 2025 13:29
@durran durran requested review from katcharov and removed request for a team September 11, 2025 13:29
@durran
Copy link
Member Author

durran commented Sep 11, 2025

#1838 (comment)

Added link.

@durran durran changed the title DRIVERS-3207: Custom AWS credential providers execute first DRIVERS-3207: Custom AWS credential providers execute earlier Sep 12, 2025
dariakp
dariakp requested changes Sep 15, 2025
View reviewed changes
@dariakp dariakp requested review from atesteve and removed request for JamesKovacs September 15, 2025 23:06
@durran durran requested a review from dariakp September 16, 2025 10:45
@dariakp dariakp removed the request for review from atesteve September 16, 2025 18:45
katcharov
katcharov reviewed Sep 16, 2025
View reviewed changes
source/auth/auth.md
Comment on lines +964 to +965
Drivers MAY allow the user to specify a custom credential provider object or function. See
[Custom Credential Providers](#custom-credential-providers)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would this be similar to

specifications/source/auth/auth.md

Lines 1298 to 1303 in 3dc84d1

- OIDC_CALLBACK
An [OIDC Callback](#oidc-callback) that returns OIDC credentials. Drivers MAY allow the user to specify an
[OIDC Callback](#oidc-callback) using a `MongoClient` configuration instead of a mechanism property, depending on
what is idiomatic for the driver. Drivers MUST NOT support both the `OIDC_CALLBACK` mechanism property and a
`MongoClient` configuration.
? If so, consider using similar wording.

@katcharov katcharov requested a review from kevinAlbs September 16, 2025 19:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@katcharov katcharov katcharov left review comments

@blink1073 blink1073 blink1073 approved these changes

@baileympearson baileympearson Awaiting requested review from baileympearson

@dariakp dariakp Awaiting requested review from dariakp

@kevinAlbs kevinAlbs Awaiting requested review from kevinAlbs

Requested changes must be addressed to merge this pull request.

Assignees

@dariakp dariakp

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@durran @katcharov @blink1073 @baileympearson @dariakp