fix(deps): bump oidc-plugin, add regression test MONGOSH-2884

Author: addaleax

packages/e2e-tests/package.json

@@ -29,7 +29,7 @@
   "dependencies": {
     "@mongosh/cli-repl": "2.5.8",
     "@mongosh/service-provider-core": "3.6.1",
-    "@mongodb-js/oidc-plugin": "^2.0.4",
+    "@mongodb-js/oidc-plugin": "^2.0.5",
     "strip-ansi": "^6.0.0"
   },
   "devDependencies": {

packages/e2e-tests/test/e2e-oidc.spec.ts

@@ -181,27 +181,54 @@ describe('OIDC auth e2e', function () {
     );
   }
 
-  for (const useNonce of [true, false]) {
-    describe(`with nonce=${useNonce}`, function () {
+  function* nonceTestParameters(): Generator<{
+    expectNonce: boolean;
+    provideNonce: boolean;
+  }> {
+    for (const expectNonce of [false, true]) {
+      for (const provideNonce of [false, true]) {
+        yield { expectNonce, provideNonce };
+      }
+    }
+  }
+
+  for (const { expectNonce, provideNonce } of nonceTestParameters()) {
+    describe(`with expectNonce=${expectNonce} provideNonce=${provideNonce}`, function () {
       it('can successfully authenticate using OIDC Auth Code Flow', async function () {
+        const originalGetPayload = getTokenPayload;
+        getTokenPayload = async (metadata) => {
+          const result = await originalGetPayload(metadata);
+          if (provideNonce === false) {
+            result.payload.nonce = undefined;
+          }
+          return result;
+        };
+
         const args = [
           await testServer.connectionString(),
           '--authenticationMechanism=MONGODB-OIDC',
           '--oidcRedirectUri=http://localhost:0/',
           `--browser=${fetchBrowserFixture}`,
         ];
 
-        if (!useNonce) {
+        if (!expectNonce) {
           args.push('--oidcNoNonce');
         }
 
         shell = this.startTestShell({
           args,
         });
-        await shell.waitForPrompt();
-
-        await verifyUser(shell, 'testuser', 'testServer-group');
-        shell.assertNoErrors();
+        if (!expectNonce || provideNonce) {
+          await shell.waitForPrompt();
+
+          await verifyUser(shell, 'testuser', 'testServer-group');
+          shell.assertNoErrors();
+        } else {
+          expect(await shell.waitForAnyExit()).to.equal(1);
+          shell.assertContainsOutput(
+            'Error: invalid response encountered (caused by: JWT "nonce" (nonce) claim missing)'
+          );
+        }
       });
     });
   }

packages/service-provider-node-driver/package.json

@@ -48,7 +48,7 @@
   },
   "dependencies": {
     "@mongodb-js/devtools-connect": "^3.9.4",
-    "@mongodb-js/oidc-plugin": "^2.0.4",
+    "@mongodb-js/oidc-plugin": "^2.0.5",
     "@mongosh/errors": "2.4.4",
     "@mongosh/service-provider-core": "3.6.1",
     "@mongosh/types": "^3.14.0",