Drivers / DRIVERS-2960

Clarify Reauthentication and Speculative Authentication combination behavior

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Unknown
    • Component/s: Authentication
    • Needed

      Summary of necessary driver changes

      • Auth spec was clarified to ignore speculative auth results on re-authentication requests

      Commits for syncing spec/prose tests
      (and/or refer to an existing language POC if needed)

      • Additional prose test created to ensure the behavior.
      Key             Status/Resolution   FixVersion
      CDRIVER-5674    Backlog
      CXX-3090        Backlog
      CSHARP-5239     Fixed               3.0.0
      GODRIVER-3308   Backlog             2.1.0
      JAVA-5577       Investigating
      NODE-6340       Backlog
      MOTOR-1357      Duplicate
      PYTHON-4672     Fixed               4.9
      PHPLIB-1498     Blocked
      RUBY-3536       Backlog
      RUST-2020       Backlog

      Summary

      The issue was discovered during refactoring of the authentication layer of the C# Driver. The problem occurs when Speculative Authentication was used to establish an OIDC-enabled connection, and then the client got a Reauthentication request from the server. In the C# Driver we followed the behavior defined by the spec: clean the OIDC credentials cache and perform the regular authentication flow. But the problem is that the very first step of the auth flow is to try the Speculative Response from the original Hello response. For a single-step OIDC authentication flow the original Speculative Response contains a positively completed response (the Done attribute is set to true), so in fact the Driver did nothing to obtain new credentials and authenticate the connection.

      Motivation

      Who is the affected end user?

      OIDC-enabled environments.

      How does this affect the end user?

      A Reauthentication request will be ignored by the Driver, resulting (probably) in a connection error or an infinite loop, depending on server behavior.

      How likely is it that this problem or use case will occur?

      Looks like an edge case when Speculative Authentication and Reauthentication are combined.

      Is this ticket only for tests?

      Nope.
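The flow described in the Summary, as an added example that is not code from the ticket or from any driver: a simplified Python model in which reauthentication either reuses the saved speculative reply or ignores it, as the clarified spec requires. All class, function and token names are hypothetical, and the counter stands in for a saslStart command sent to the server.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Connection:
    # speculativeAuthenticate reply kept from the initial hello; for
    # single-step OIDC it already reports done=True.
    speculative_reply: Optional[dict] = None
    token_in_use: Optional[str] = None


class OidcAuthenticator:
    def __init__(self, fetch_token, ignore_speculative_on_reauth):
        self.fetch_token = fetch_token  # hypothetical token callback
        self.ignore_speculative_on_reauth = ignore_speculative_on_reauth
        self.cached_token = None
        self.sasl_round_trips = 0  # stand-in for saslStart commands sent

    def handshake(self, conn):
        # The initial hello carries the token speculatively and succeeds.
        self.cached_token = self.fetch_token()
        conn.speculative_reply = {"done": True}
        conn.token_in_use = self.cached_token
        self.authenticate(conn)

    def authenticate(self, conn, reauth=False):
        skip = reauth and self.ignore_speculative_on_reauth
        reply = None if skip else conn.speculative_reply
        if reply and reply.get("done"):
            return  # first step of the flow: accept the speculative result
        if self.cached_token is None:
            self.cached_token = self.fetch_token()
        self.sasl_round_trips += 1
        conn.token_in_use = self.cached_token

    def reauthenticate(self, conn):
        self.cached_token = None  # clear the credentials cache
        self.authenticate(conn, reauth=True)


def simulate(ignore_speculative_on_reauth):
    tokens = iter(["token-1", "token-2"])  # constructed sample tokens
    auth = OidcAuthenticator(lambda: next(tokens), ignore_speculative_on_reauth)
    conn = Connection()
    auth.handshake(conn)
    auth.reauthenticate(conn)  # server asked for reauthentication
    return conn.token_in_use, auth.sasl_round_trips
```

With the stale reply honored, `simulate(False)` leaves the connection on the original token with nothing sent to the server; `simulate(True)` fetches a fresh token and performs one authentication round trip.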

            Assignee: Oleksandr Poliakov (oleksandr.poliakov@mongodb.com)
            Reporter: Oleksandr Poliakov (oleksandr.poliakov@mongodb.com)
            Steven Silvester