From 0ddf7f1741fa5a9a0c2207381c84e55f07b14515 Mon Sep 17 00:00:00 2001
From: Anna Henningsen <anna@addaleax.net>
Date: Fri, 8 Aug 2025 13:12:36 +0200
Subject: [PATCH] fix: keep using customFetch implementation for new
 `Configuration` instance MONGOSH-2444

---
 src/plugin.spec.ts | 45 +++++++++++++++++++++++++++++++++++++++++++++
 src/plugin.ts      |  4 ++++
 2 files changed, 49 insertions(+)

diff --git a/src/plugin.spec.ts b/src/plugin.spec.ts
index c5a4f7c..cd16af7 100644
--- a/src/plugin.spec.ts
+++ b/src/plugin.spec.ts
@@ -1454,6 +1454,51 @@ describe('OIDC plugin (mock OIDC provider)', function () {
       expect(allOutboundRequests).to.deep.equal(allInboundRequests);
     });
 
+    // Regression test for https://jira.mongodb.org/browse/MONGOSH-2444
+    it('correctly keeps tracking after serialization and deserialization', async function () {
+      const tokenEndpointRequests: any[] = [];
+      let serializedState: string | undefined;
+
+      getTokenPayload = () => {
+        return { ...tokenPayload, expires_in: 5 };
+      };
+
+      const runPlugin = async () => {
+        const plugin = createMongoDBOIDCPlugin({
+          openBrowserTimeout: 60_000,
+          openBrowser: fetchBrowser,
+          allowedFlows: ['auth-code'],
+          redirectURI: 'http://localhost:0/callback',
+          serializedState,
+          throwOnIncompatibleSerializedState: true,
+        });
+
+        plugin.logger.on(
+          'mongodb-oidc-plugin:outbound-http-request-completed',
+          (ev) => {
+            if (
+              ev.status === 200 &&
+              new URL(ev.url).pathname.endsWith('/token')
+            )
+              tokenEndpointRequests.push(ev);
+          }
+        );
+
+        await requestToken(plugin, {
+          issuer: provider.issuer,
+          clientId: 'mockclientid',
+          requestScopes: [],
+        });
+        serializedState = await plugin.serialize();
+      };
+
+      expect(tokenEndpointRequests).to.have.lengthOf(0);
+      await runPlugin();
+      expect(tokenEndpointRequests).to.have.lengthOf(1);
+      await runPlugin();
+      expect(tokenEndpointRequests).to.have.lengthOf(2);
+    });
+
     it('allows node-fetch as a custom HTTP fetch client', async function () {
       const customFetch = sinon.stub().callsFake(fetch);
       const plugin = createMongoDBOIDCPlugin({
diff --git a/src/plugin.ts b/src/plugin.ts
index c6187cb..efd9eb7 100644
--- a/src/plugin.ts
+++ b/src/plugin.ts
@@ -487,6 +487,7 @@ export class MongoDBOIDCPluginImpl implements MongoDBOIDCPlugin {
           redirect_uri: redirectURI,
         }
       );
+      config[customFetch] = this.fetch;
       if (
         validateSecureHTTPUrl(config.serverMetadata().issuer, 'issuer') ===
         'http-allowed'
@@ -544,6 +545,9 @@ export class MongoDBOIDCPluginImpl implements MongoDBOIDCPlugin {
     );
     validateSecureHTTPUrl(config.serverMetadata().jwks_uri, 'jwks_uri');
 
+    // Should already have been set by the discovery call, but doesn't hurt to make sure
+    config[customFetch] = this.fetch;
+
     state.config = config;
     return {
       scope: makeScope(config.serverMetadata()),