diff --git a/package-lock.json b/package-lock.json
index bede39959..4b8a07138 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -6881,9 +6881,9 @@ } }, "node_modules/@mongodb-js/oidc-plugin": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/@mongodb-js/oidc-plugin/-/oidc-plugin-2.0.4.tgz", - "integrity": "sha512-mB7kEK80+DD2QrB01GmtFKm02ItJpIO9j7OARMHI4RL+rVQD3Ey9giluf3xQtuSdcmg7a+bf5fkJgQZCWMvRPg==", + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@mongodb-js/oidc-plugin/-/oidc-plugin-2.0.5.tgz", + "integrity": "sha512-hCtqStgSaas7W+1ueCI6gJFNuM4scPpHe1S85+AOoFw6Q23HdhK7qdCBk2+IUkvdKmfRzOBtNglIFrlukhbmMg==", "license": "Apache-2.0", "dependencies": { "express": "^5.1.0",
@@ -35689,7 +35689,7 @@ "version": "3.16.1", "license": "Apache-2.0", "dependencies": { - "@mongodb-js/oidc-plugin": "^2.0.4", + "@mongodb-js/oidc-plugin": "^2.0.5", "@mongosh/cli-repl": "2.5.8", "@mongosh/service-provider-core": "3.6.1", "strip-ansi": "^6.0.0"
@@ -36142,7 +36142,7 @@ "license": "Apache-2.0", "dependencies": { "@mongodb-js/devtools-connect": "^3.9.4", - "@mongodb-js/oidc-plugin": "^2.0.4", + "@mongodb-js/oidc-plugin": "^2.0.5", "@mongosh/errors": "2.4.4", "@mongosh/service-provider-core": "3.6.1", "@mongosh/types": "^3.14.0",
diff --git a/packages/e2e-tests/package.json b/packages/e2e-tests/package.json
index c4d799edd..61d0b5831 100644
--- a/packages/e2e-tests/package.json
+++ b/packages/e2e-tests/package.json
@@ -29,7 +29,7 @@
 "dependencies": {
 "@mongosh/cli-repl": "2.5.8",
 "@mongosh/service-provider-core": "3.6.1",
- "@mongodb-js/oidc-plugin": "^2.0.4",
+ "@mongodb-js/oidc-plugin": "^2.0.5",
 "strip-ansi": "^6.0.0"
 },
 "devDependencies": {
diff --git a/packages/e2e-tests/test/e2e-oidc.spec.ts b/packages/e2e-tests/test/e2e-oidc.spec.ts
index 2c3554628..08935926c 100644
--- a/packages/e2e-tests/test/e2e-oidc.spec.ts
+++ b/packages/e2e-tests/test/e2e-oidc.spec.ts
@@ -181,9 +181,29 @@ describe('OIDC auth e2e', function () {
 );
 }
 
- for (const useNonce of [true, false]) {
- describe(`with nonce=${useNonce}`, function () {
+ function* nonceTestParameters(): Generator<{
+ expectNonce: boolean;
+ provideNonce: boolean;
+ }> {
+ for (const expectNonce of [false, true]) {
+ for (const provideNonce of [false, true]) {
+ yield { expectNonce, provideNonce };
+ }
+ }
+ }
+
+ for (const { expectNonce, provideNonce } of nonceTestParameters()) {
+ describe(`with expectNonce=${expectNonce} provideNonce=${provideNonce}`, function () {
 it('can successfully authenticate using OIDC Auth Code Flow', async function () {
+ const originalGetPayload = getTokenPayload;
+ getTokenPayload = async (metadata) => {
+ const result = await originalGetPayload(metadata);
+ if (provideNonce === false) {
+ result.payload.nonce = undefined;
+ }
+ return result;
+ };
+
 const args = [
 await testServer.connectionString(),
 '--authenticationMechanism=MONGODB-OIDC',
@@ -191,17 +211,24 @@ describe('OIDC auth e2e', function () {
 `--browser=${fetchBrowserFixture}`,
 ];
 
- if (!useNonce) {
+ if (!expectNonce) {
 args.push('--oidcNoNonce');
 }
 
 shell = this.startTestShell({
 args,
 });
- await shell.waitForPrompt();
-
- await verifyUser(shell, 'testuser', 'testServer-group');
- shell.assertNoErrors();
+ if (!expectNonce || provideNonce) {
+ await shell.waitForPrompt();
+
+ await verifyUser(shell, 'testuser', 'testServer-group');
+ shell.assertNoErrors();
+ } else {
+ expect(await shell.waitForAnyExit()).to.equal(1);
+ shell.assertContainsOutput(
+ 'Error: invalid response encountered (caused by: JWT "nonce" (nonce) claim missing)'
+ );
+ }
 });
 });
 }
diff --git a/packages/service-provider-node-driver/package.json b/packages/service-provider-node-driver/package.json
index ee3e4523d..04c29abff 100644
--- a/packages/service-provider-node-driver/package.json
+++ b/packages/service-provider-node-driver/package.json
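Review bot: The `getTokenPayload` wrapper installed at the top of the `it` body in e2e-oidc.spec.ts (first hunk) is never restored. Unless a `beforeEach` outside this hunk reassigns `getTokenPayload`, each of the four parameter combinations wraps the previous wrapper, and a `provideNonce=false` closure from an earlier case keeps stripping the nonce in later `provideNonce=true` cases. Restoring it in a `finally` or an `afterEach` (`getTokenPayload = originalGetPayload;`) would keep the cases independent. The wrapper also writes `result.payload.nonce = undefined` into the object the original callback returned, so if that object is reused between calls, returning a copy without the claim would avoid leaking the change. The `it` body continues past the end of this hunk.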
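Review bot: The new `else` branch in e2e-oidc.spec.ts (second hunk) covers only an ID token with no `nonce` claim; a token whose nonce is present but differs from the one sent in the authorization request is not exercised, and that mismatch is the case nonce checking exists to reject (a token replayed or injected from another login). A third parameter state that overwrites the claim with a constructed value, e.g. `result.payload.nonce = 'constructed-wrong-nonce';`, with the same exit-code expectation would cover it; the error text for that path is not visible here. The assertion also pins a full message that presumably originates in the OIDC plugin or one of its dependencies, so matching a shorter stable fragment such as `claim missing` would be less brittle across plugin updates. A one-line comment above `if (!expectNonce || provideNonce)`, such as `// --oidcNoNonce makes a missing nonce acceptable; only expectNonce without a nonce must fail`, would make the matrix easier to read.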
@@ -48,7 +48,7 @@
 },
 "dependencies": {
 "@mongodb-js/devtools-connect": "^3.9.4",
- "@mongodb-js/oidc-plugin": "^2.0.4",
+ "@mongodb-js/oidc-plugin": "^2.0.5",
 "@mongosh/errors": "2.4.4",
 "@mongosh/service-provider-core": "3.6.1",
 "@mongosh/types": "^3.14.0",