Skip to content

Commit fc5ef5a

Browse files
authored
DOCSP-40348: disallow commas in oidc prop val (#553)
* DOCSP-40348: disallow commas in oidc prop val * fix * AS PR fixes 1 * MK tech review * MK changes * MK changes
1 parent ec428ed commit fc5ef5a

File tree

1 file changed

+25
-9
lines changed

1 file changed

+25
-9
lines changed

source/fundamentals/enterprise-auth.txt

Lines changed: 25 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -317,17 +317,25 @@ If your application runs on an Azure VM, or otherwise uses the
317317
support.
318318

319319
You can specify Azure IMDS OIDC authentication either by
320-
using a ``MongoCredential`` or as part of the connection string. Select the
321-
:guilabel:`Connection String` or :guilabel:`MongoCredential` tab to
320+
using a ``MongoCredential`` or as part of the connection string.
321+
322+
Select from the :guilabel:`Connection String` or :guilabel:`MongoCredential` tabs to
322323
see the corresponding syntax.
323324

324325
.. tabs::
325326

326327
.. tab:: Connection String
327328
:tabid: mongodb-azure-imds-connection-string
328329

329-
Replace the ``<percent-encoded audience>`` placeholder with the percent-encoded
330-
value of the ``audience`` server parameter configured on your MongoDB deployment.
330+
Replace the ``<percent-encoded audience>`` placeholder in the
331+
following code with the percent-encoded value of the audience server
332+
parameter configured on your MongoDB deployment.
333+
334+
The comma (``,``) character and its encoding (``%2C``) are
335+
reserved, and using these characters in a value causes the
336+
driver to interpret commas as delimiters of key-value pairs.
337+
You must specify values that contain commas in a ``MongoCredential`` instance, as
338+
demonstrated in the :guilabel:`MongoCredential` tab.
331339

332340
.. code-block:: java
333341

@@ -360,25 +368,33 @@ see the corresponding syntax.
360368
.. _java-mongodb-oidc-gcp-imds:
361369

362370
GCP IMDS
363-
++++++++++
371+
++++++++
364372

365373
If your application runs on a GCP VM, or otherwise uses the
366374
`GCP Instance Metadata Service <https://cloud.google.com/compute/docs/metadata/querying-metadata>`__,
367375
you can authenticate to MongoDB by using {+driver-short+}'s built-in GCP
368376
support.
369377

370378
You can specify GCP IMDS OIDC authentication either by
371-
using a ``MongoCredential`` or as part of the connection string. Select the
372-
:guilabel:`Connection String` or :guilabel:`MongoCredential` tab to
379+
using a ``MongoCredential`` or as part of the connection string.
380+
381+
Select from the :guilabel:`Connection String` or :guilabel:`MongoCredential` tabs to
373382
see the corresponding syntax.
374383

375384
.. tabs::
376385

377386
.. tab:: Connection String
378387
:tabid: mongodb-gcp-imds-connection-string
379388

380-
Replace the ``<percent-encoded audience>`` placeholder with the percent-encoded
381-
value of the ``audience`` server parameter configured on your MongoDB deployment.
389+
Replace the ``<percent-encoded audience>`` placeholder in the
390+
following code with the percent-encoded value of the audience server
391+
parameter configured on your MongoDB deployment.
392+
393+
The comma (``,``) character and its encoding (``%2C``) are
394+
reserved, and using these characters in a value causes the
395+
driver to interpret commas as delimiters of key-value pairs.
396+
You must specify values that contain commas in a ``MongoCredential`` instance, as
397+
demonstrated in the :guilabel:`MongoCredential` tab.
382398

383399
.. code-block:: java
384400

0 commit comments

Comments
 (0)