The Go driver is not in compliance with the auth spec, which states: "Drivers SHOULD raise an error as early as possible when detecting invalid values in a credential."

GODRIVER-920 show us a case where the driver attempts auth only with an authentication source which is not sufficient to construct a valid credential.

If GODRIVER-920 is considered "works as designed" to attempt authentication based on the presence of an authSource (which I think is an unfortunate "read as written" not "read as intended" situation), it should still error early on credential construction because SCRAM requires a username to be specified and thus the driver should not be attempting a handshake with the database with an invalid credential.