Engineer(s): Steve Silvester 2024-05-24: Holding until 7.0.11 release, planned for next week. No major updates; minor tweak to the connection string planned. 2024-05-09: GA design is complete. Python and Java have released versions with full workload support. Node and C# are in final review. The GA announcement is delayed due to server release issues with 7.0.9 and 7.0.10. Engineer(s): Steve Silvester 2024-04-25: All tickets in the epic are now in Teams Implementing Python has a release with full support C# has a release with partial support, working on GCP Java and Node are on track, in code review Still targeting a 30 Apr GA date Engineer(s): Steve Silvester 2024-04-11: GCP specification is merged OIDC spec cleanup is in final review Teams are on track for 30 Apr GA User-facing documentation is next up Engineer(s): Steve Silvester 2024-03-30: Ensured successful customer demo in Azure AKS and ASE Merged Azure spec Converted Atlas clusters to use Atlas UI for config, uncovered bugs in the Atlas UI for workload IdPs Engineer(s): Steve Silvester 2024-03-15: Completed end-to-end tests in Azure ASE and AKS for customer demo Continued work on Azure spec and OIDC spec improvements Engineer(s): Matt Dale 2024-01-23: Expected timeline for spec approval: Jan 26 What was completed over the last two weeks? Unified the "machine" and "human" OIDC auth specs into a single spec that should be easier for drivers to implement incrementally (i.e. start with machine flow, extend to human flow if necessary). Made the OIDC callback APIs more idiomatic and flexible based on feedback from different drivers engineers. Expanded OIDC prose and spec tests. What's the focus over the next two weeks? Get OIDC PR approved by everyone and merged. Extend OIDC spec to include Azure built-in OIDC provider integration. Risks DPoP will introduce some changes to the human auth flow and callback API. The current spec should be flexible enough to allow those additions, but there is still some risk that unexpected complexity can disrupt the spec timeline. It's not clear when we will be able to test GCP auth; depends on changes in the server, and then on setting up a GCP OIDC provider to test with. Engineer(s): Matt Dale 2023-12-12: Estimate 1 more week to finish the spec PR review and merge it; should be ready for driver implementation the week of Dec 25. Accomplished in the last two weeks: Finish OIDC prose tests. Working with Steve to implement the updated spec and prose tests in Python. DRIVERS-2672 PR is in review; responding to feedback from stakeholders. Planned for the next two weeks: Pausing on OIDC/ DRIVERS-2672 this week to work on GODRIVER-3039, which is needed by Cloud Backup before Q1 to support MongoDB 7.3 Finish reviewing the spec PR and merge it. Risks/blockers: High-priority Go driver work has been pushing out OIDC work. For example, a broken v1.13.0 release caused security errors and strong negative user feedback. Also the upcoming work to support Cloud Backup will also push out OIDC. Engineer(s): Matt Dale 2023-11-28: Accomplished in the last two weeks: Draft of OIDC machine workflow specification put up for review. Created proof-of-concept implementation in the Go driver to validate spec requirements. Work with Maxim to validate caching implementation in the Java driver and update the specification based on edge cases discovered. Added unified spec tests and validated in Java and Go drivers. Planned for the next two weeks: Review OIDC machine workflow specification. Add more unified spec and prose tests for OIDC machine workflow. Work with Java, Python, and Node teams to implement OIDC machine workflow. Risks/blockers: Access token caching and expiry turn out to be complex issues and are taking longer than expected to spec and test. For now, we're relying on the server to tell the driver to rotate the access token (using the ReauthenticationRequired error), but that can cause performance issues for some use cases. We will need to amend the OIDC spec later to require that drivers attempt to rotate the access token before getting a ReauthenticationRequired error. Engineer(s): Steve Silvester 2023-05-12: Python PR merged C# implementation near completion, but has been paused to unblock Rust on the logging work ( DRIVERS-1204 ) Node will be the second implementer 2023-04-28: Planning to merge the final spec PR today, to unblock Node and Shell. Python and C# implementations are in final review. 2023-04-18 Working through edge cases of cache and reauthorization behavior, aiming to wrap up this week. 2023-03-31 Final tech design incorporating WRITING-14037 is in review. 2023-03-020 Looking into the impact of WRITING-14037 Risk of Phishing Access Tokens from Clients Using OIDC Authentication on the Drivers. Hope to be finished with the tech design by the end of this week. 2023-03-07 Implementation continuing for Python, C#, Node, and Java 2023-02-16 Teams currently implementing: Python, C#, Node, and Java Wrapping up the specification as the C# team wraps up their implementation No other risks