feat(connection-form): add option to prefer ID token over access token COMPASS-8107 (#6129)

addaleax · web-flow · commit a9cfc54d13fc · 2024-08-16T23:22:11.000+02:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/atlas-service/package.json b/packages/atlas-service/package.json
@@ -80,7 +80,7 @@
     "@mongodb-js/compass-utils": "^0.6.9",
     "@mongodb-js/devtools-connect": "^3.2.5",
     "@mongodb-js/devtools-proxy-support": "^0.3.5",
-    "@mongodb-js/oidc-plugin": "^1.0.0",
+    "@mongodb-js/oidc-plugin": "^1.1.1",
     "hadron-app-registry": "^9.2.2",
     "compass-preferences-model": "^2.26.0",
     "electron": "^29.4.5",
diff --git a/packages/atlas-service/src/main.spec.ts b/packages/atlas-service/src/main.spec.ts
@@ -331,7 +331,7 @@ describe('CompassAuthServiceMain', function () {
       } as any;
       await CompassAuthService.init(preferences, {} as any);
       CompassAuthService['config'] = defaultConfig;
-      expect(getListenerCount(logger)).to.eq(27);
+      expect(getListenerCount(logger)).to.eq(30);
       // We did all preparations, reset sinon history for easier assertions
       sandbox.resetHistory();
 
diff --git a/packages/connection-form/src/components/advanced-options-tabs/authentication-tab/authentication-oidc.spec.tsx b/packages/connection-form/src/components/advanced-options-tabs/authentication-tab/authentication-oidc.spec.tsx
@@ -118,6 +118,27 @@ describe('Authentication OIDC Connection Form', function () {
       });
     });
 
+    it('handles the Use ID token instead of Access Token checkbox', async function () {
+      fireEvent.click(screen.getByText('Use ID token instead of Access Token'));
+      await expectToConnectWith({
+        connectionString:
+          'mongodb://localhost:27017/?authMechanism=MONGODB-OIDC&authSource=%24external',
+        oidc: {
+          passIdTokenAsAccessToken: true,
+        },
+      });
+    });
+
+    it('handles the Use ID token instead of Access Token checkbox on and off', async function () {
+      fireEvent.click(screen.getByText('Use ID token instead of Access Token'));
+      fireEvent.click(screen.getByText('Use ID token instead of Access Token'));
+      await expectToConnectWith({
+        connectionString:
+          'mongodb://localhost:27017/?authMechanism=MONGODB-OIDC&authSource=%24external',
+        oidc: {},
+      });
+    });
+
     it('handles the Consider Target Endpoint Trusted checkbox', async function () {
       fireEvent.click(screen.getByText('Consider Target Endpoint Trusted'));
       await expectToConnectWith({
diff --git a/packages/connection-form/src/components/advanced-options-tabs/authentication-tab/authentication-oidc.tsx b/packages/connection-form/src/components/advanced-options-tabs/authentication-tab/authentication-oidc.tsx
@@ -121,6 +121,38 @@ function AuthenticationOIDC({
             />
           </FormFieldContainer>
 
+          <FormFieldContainer>
+            <Checkbox
+              onChange={({
+                target: { checked },
+              }: React.ChangeEvent<HTMLInputElement>) => {
+                if (checked) {
+                  return handleFieldChanged('passIdTokenAsAccessToken', true);
+                }
+
+                return handleFieldChanged(
+                  'passIdTokenAsAccessToken',
+                  undefined
+                );
+              }}
+              data-testid="oidc-pass-id-token-as-access-token"
+              id="oidc-pass-id-token-as-access-token"
+              label={
+                <>
+                  <Label htmlFor="oidc-pass-id-token-as-access-token">
+                    Use ID token instead of Access Token
+                  </Label>
+                  <Description>
+                    Use ID tokens instead of access tokens to work around
+                    misconfigured or broken identity providers. This will only
+                    work if the server is configured correspondingly.
+                  </Description>
+                </>
+              }
+              checked={!!connectionOptions.oidc?.passIdTokenAsAccessToken}
+            />
+          </FormFieldContainer>
+
           {showOIDCDeviceAuthFlow && (
             <FormFieldContainer>
               <Checkbox
diff --git a/packages/data-service/package.json b/packages/data-service/package.json
@@ -67,7 +67,7 @@
     "@mongodb-js/devtools-docker-test-envs": "^1.3.2",
     "@mongodb-js/eslint-config-compass": "^1.1.4",
     "@mongodb-js/mocha-config-compass": "^1.3.10",
-    "@mongodb-js/oidc-plugin": "^1.0.0",
+    "@mongodb-js/oidc-plugin": "^1.1.1",
     "@mongodb-js/prettier-config-compass": "^1.0.2",
     "@mongodb-js/tsconfig-compass": "^1.0.4",
     "@types/lodash": "^4.14.188",
