mongodb-js
diff --git a/‎THIRD-PARTY-NOTICES.md‎
Lines changed: 1 addition & 1 deletion b/‎THIRD-PARTY-NOTICES.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎package-lock.json‎
Lines changed: 86 additions & 26 deletions b/‎package-lock.json‎
Lines changed: 86 additions & 26 deletions
diff --git a/‎packages/atlas-service/src/main.spec.ts‎
Lines changed: 39 additions & 2 deletions b/‎packages/atlas-service/src/main.spec.ts‎
Lines changed: 39 additions & 2 deletions
diff --git a/‎packages/atlas-service/src/main.ts‎
Lines changed: 23 additions & 2 deletions b/‎packages/atlas-service/src/main.ts‎
Lines changed: 23 additions & 2 deletions
diff --git a/‎packages/compass-aggregations/package.json‎
Lines changed: 2 additions & 2 deletions b/‎packages/compass-aggregations/package.json‎
Lines changed: 2 additions & 2 deletions
@@ -1,5 +1,5 @@
 The following third-party software is used by and included in **Mongodb Compass**.
-This document was automatically generated on Sun Sep 24 2023.
+This document was automatically generated on Mon Sep 25 2023.
 
 ## List of dependencies
 
 
@@ -124,7 +124,9 @@ describe('AtlasServiceMain', function () {
       expect(
         mockOidcPlugin.mongoClientOptions.authMechanismProperties
           .REQUEST_TOKEN_CALLBACK
-      ).to.have.been.calledOnce;
+        // two times because we need to explicitly request token first to show a
+        // proper error message from oidc plugin in case of failed sign in
+      ).to.have.been.calledTwice;
       expect(userInfo).to.have.property('sub', '1234');
     });
 
@@ -139,7 +141,42 @@ describe('AtlasServiceMain', function () {
       expect(
         mockOidcPlugin.mongoClientOptions.authMechanismProperties
           .REQUEST_TOKEN_CALLBACK
-      ).to.have.been.calledOnce;
+        // two times because we need to explicitly request token first to show a
+        // proper error message from oidc plugin in case of failed sign in
+      ).to.have.been.calledTwice;
+    });
+
+    it('should fail with oidc-plugin error first if auth failed', async function () {
+      AtlasService['fetch'] = sandbox.stub().resolves({
+        ok: false,
+        json: sandbox.stub().rejects(),
+        status: 401,
+        statusText: 'Unauthorized',
+      });
+      AtlasService['plugin'] = {
+        mongoClientOptions: {
+          authMechanismProperties: {
+            REQUEST_TOKEN_CALLBACK: sandbox
+              .stub()
+              .rejects(
+                new Error(
+                  'Failed to request token for some specific plugin reason'
+                )
+              ),
+            REFRESH_TOKEN_CALLBACK: sandbox.stub().rejects(),
+          },
+        },
+      } as any;
+
+      try {
+        await AtlasService.signIn();
+        expect.fail('Expected AtlasService.signIn to throw');
+      } catch (err) {
+        expect(err).to.have.property(
+          'message',
+          'Failed to request token for some specific plugin reason'
+        );
+      }
     });
   });
 
 
@@ -42,6 +42,7 @@ import { SecretStore, SECRET_STORE_KEY } from './secret-store';
 import { AtlasUserConfigStore } from './user-config-store';
 import { OidcPluginLogger } from './oidc-plugin-logger';
 import { getActiveUser } from 'compass-preferences-model';
+import { spawn } from 'child_process';
 
 const { log, track } = createLoggerAndTelemetry('COMPASS-ATLAS-SERVICE');
 
@@ -172,8 +173,24 @@ export class AtlasService {
 
   private static config: AtlasServiceConfig;
 
-  private static openExternal(...args: Parameters<typeof shell.openExternal>) {
-    return shell?.openExternal(...args);
+  private static openExternal(url: string) {
+    const { browserCommandForOIDCAuth } = preferences.getPreferences();
+    if (browserCommandForOIDCAuth) {
+      // NB: While it's possible to pass `openBrowser.command` option directly
+      // to oidc-plugin properties, it's not possible to do dynamically. To
+      // avoid recreating oidc-plugin every time user changes
+      // `browserCommandForOIDCAuth` preference (which will cause loosing
+      // internal plugin auth state), we copy oidc-plugin `openBrowser.command`
+      // option handling to our openExternal method
+      const child = spawn(browserCommandForOIDCAuth, [url], {
+        shell: true,
+        stdio: 'ignore',
+        detached: true,
+      });
+      child.unref();
+      return child;
+    }
+    return shell.openExternal(url);
   }
 
   private static getAllowedAuthFlows(): AuthFlowType[] {
@@ -335,6 +352,10 @@ export class AtlasService {
         log.info(mongoLogId(1_001_000_218), 'AtlasService', 'Starting sign in');
 
         try {
+          // We first request oauth token just so we can get a proper auth error
+          // from oidc-plugin. If we only run getUserInfo, the only thing users
+          // will see is "401 unauthorized" as the reason for sign in failure
+          await this.requestOAuthToken({ signal });
           const userInfo = await this.getUserInfo({ signal });
           log.info(
             mongoLogId(1_001_000_219),
 
@@ -46,7 +46,7 @@
     "@mongodb-js/compass-user-data": "^0.1.2",
     "@mongodb-js/compass-utils": "^0.4.0",
     "@mongodb-js/explain-plan-helper": "^1.1.2",
-    "@mongodb-js/mongodb-constants": "^0.7.1",
+    "@mongodb-js/mongodb-constants": "^0.8.3",
     "@mongodb-js/mongodb-redux-common": "^2.0.11",
     "bson": "^6.0.0",
     "compass-preferences-model": "^2.14.0",
@@ -106,7 +106,7 @@
     "@mongodb-js/compass-user-data": "^0.1.2",
     "@mongodb-js/compass-utils": "^0.4.0",
     "@mongodb-js/explain-plan-helper": "^1.1.2",
-    "@mongodb-js/mongodb-constants": "^0.7.1",
+    "@mongodb-js/mongodb-constants": "^0.8.3",
     "@mongodb-js/mongodb-redux-common": "^2.0.11",
     "bson": "^6.0.0",
     "compass-preferences-model": "^2.14.0",