Duplicates for values within authMechanismProperties have surprisingly different behavior from how other duplicate URI options are handled. For example, the following produces no warning:

example-client mongodb://u:p@localhost/?authMechanismProperties=SERVICE_NAME:a,SERVICE_NAME:b

Additionally, unlike other URI options, since authMechanismProperties are stored without duplicate checking, when they're retrieved (e.g. here) we'll use the first occurrence ("a" in the example above) which differs from other URI duplicate options handling where we will use the value of the last occurrence and warn. E.g.

example-client "mongodb://localhost/?serverSelectionTimeoutMS=1000&serverSelectionTimeoutMS=500"

Produces a warning:

2019/10/09 12:32:43.0476: [49764]:  WARNING:       mongoc: Overwriting previously provided value for 'serverSelectionTimeoutMS'

And would use the value 500.

Note, I think this is technically spec-compliant since duplicate URI options is undefined.

Note, the auth spec says:

Naming of mechanism properties MUST be case-insensitive. For instance, SERVICE_NAME and service_name refer to the same property.