Squashed commit of the following:

commit ddf20eb
Author: Mike Woofter <[email protected]>
Date:   Wed Apr 24 08:52:12 2024 -0500

    remove aws eks

commit 375ff2b
Author: Mike Woofter <[email protected]>
Date:   Tue Apr 23 15:02:16 2024 -0500

    add quotes to key

commit 5f58b4c
Author: Mike Woofter <[email protected]>
Date:   Tue Apr 23 15:00:33 2024 -0500

    js feedback

commit 6cd1518
Author: Mike Woofter <[email protected]>
Date:   Tue Apr 23 12:49:09 2024 -0500

    links

commit c9cabca
Author: Mike Woofter <[email protected]>
Date:   Tue Apr 23 12:44:10 2024 -0500

    add to usage examples

commit 6dd50d1
Author: Mike Woofter <[email protected]>
Date:   Tue Apr 23 12:17:56 2024 -0500

    refactor

commit 61d2d7d
Author: Mike Woofter <[email protected]>
Date:   Tue Apr 23 12:08:24 2024 -0500

    fix

commit 3d5c068
Author: Mike Woofter <[email protected]>
Date:   Tue Apr 23 12:05:16 2024 -0500

    refactor

commit ef9a110
Author: Mike Woofter <[email protected]>
Date:   Tue Apr 23 11:53:29 2024 -0500

    refactor aws eks

commit feeffda
Author: Mike Woofter <[email protected]>
Date:   Tue Apr 23 11:41:04 2024 -0500

    formatting

commit 60c102e
Author: Mike Woofter <[email protected]>
Date:   Tue Apr 23 11:32:30 2024 -0500

    refactor code

commit 8d1a1b7
Author: Mike Woofter <[email protected]>
Date:   Tue Apr 23 10:39:13 2024 -0500

    fixes

commit 2eeaaea
Author: Mike Woofter <[email protected]>
Date:   Tue Apr 23 09:19:22 2024 -0500

    autobuilder

commit fbd5272
Author: Mike Woofter <[email protected]>
Date:   Tue Apr 23 09:03:32 2024 -0500

    autobuilder

commit 650922d
Author: Mike Woofter <[email protected]>
Date:   Tue Apr 23 08:33:49 2024 -0500

    first draft

Author: mongoKart

source/includes/authentication/azure-envs-connection-string.py

@@ -0,0 +1,17 @@
+from pymongo import MongoClient
+from azure.identity import DefaultAzureCredential
+from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult
+
+# define callback, properties, URI, and MongoClient
+audience = "<percent-encoded application or service that the OIDC access token is intended for>"
+client_id = "<Azure identity client ID>"
+class MyCallback(OIDCCallback):
+    def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult:
+        credential = DefaultAzureCredential(managed_identity_client_id=client_id)
+        token = credential.get_token(f"{audience}/.default").token
+        return OIDCCallbackResult(access_token=token) 
+properties = {"OIDC_CALLBACK": MyCallback()}
+uri = ("mongodb://<hostname>:<port>/?"
+       "&authMechanism=MONGODB-OIDC"
+       "&authMechanismProperties=properties")
+client = MongoClient(uri)

source/includes/authentication/azure-envs-mongoclient.py

@@ -0,0 +1,18 @@
+from pymongo import MongoClient
+from azure.identity import DefaultAzureCredential
+from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult
+         
+# define callback, properties, and MongoClient
+audience = "<percent-encoded application or service that the OIDC access token is intended for>"
+client_id = "<Azure identity client ID>"
+class MyCallback(OIDCCallback):
+    def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult:
+        credential = DefaultAzureCredential(managed_identity_client_id=client_id)
+        token = credential.get_token(f"{audience}/.default").token
+        return OIDCCallbackResult(access_token=token) 
+properties = {"OIDC_CALLBACK": MyCallback()}
+client = MongoClient(
+   "mongodb://<hostname>:<port>",
+   authMechanism="MONGODB-OIDC",
+   authMechanismProperties=properties,
+)

source/includes/authentication/azure-imds-connection-string.py

@@ -0,0 +1,9 @@
+from pymongo import MongoClient
+
+# define properties, URI, and MongoClient
+properties = {"ENVIRONMENT": "azure", "TOKEN_RESOURCE": "<audience>"}
+uri = ("mongodb://<hostname>:<port>/?"
+       "username=<Azure identity client ID>"
+       "&authMechanism=MONGODB-OIDC"
+       "&authMechanismProperties=properties")
+client = MongoClient(uri)

source/includes/authentication/azure-imds-mongoclient.py

@@ -0,0 +1,10 @@
+from pymongo import MongoClient
+
+# define properties and MongoClient
+properties = {"ENVIRONMENT": "azure", "TOKEN_RESOURCE": "<audience>"}
+client = MongoClient(
+    "mongodb://<hostname>:<port>",
+    username="<Azure identity client ID>",
+    authMechanism="MONGODB-OIDC",
+    authMechanismProperties=properties,
+)

source/includes/authentication/gcp-gke-connection-string.py

@@ -0,0 +1,14 @@
+from pymongo import MongoClient
+from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult
+
+# define callback, properties, URI, and MongoClient
+class MyCallback(OIDCCallback):
+    def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult:
+        with open("/var/run/secrets/kubernetes.io/serviceaccount/token") as fid:
+            token = fid.read()
+        return OIDCCallbackResult(access_token=token)
+properties = {"OIDC_CALLBACK": MyCallback()}
+uri = ("mongodb://<hostname>:<port>/?"
+       "&authMechanism=MONGODB-OIDC"
+       "&authMechanismProperties=properties")
+client = MongoClient(uri)

source/includes/authentication/gcp-gke-mongoclient.py

@@ -0,0 +1,15 @@
+from pymongo import MongoClient
+from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult
+         
+# define callback, properties, and MongoClient
+class MyCallback(OIDCCallback):
+    def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult:
+        with open("/var/run/secrets/kubernetes.io/serviceaccount/token") as fid:
+            token = fid.read()
+        return OIDCCallbackResult(access_token=token)
+properties = {"OIDC_CALLBACK": MyCallback()}
+client = MongoClient(
+   "mongodb://<hostname>:<port>",
+   authMechanism="MONGODB-OIDC",
+   authMechanismProperties=properties,
+)

source/includes/authentication/gcp-imds-connection-string.py

@@ -0,0 +1,9 @@
+from pymongo import MongoClient
+
+# define properties, URI, and MongoClient
+properties = {"ENVIRONMENT": "gcp", "TOKEN_RESOURCE": "<audience>"}
+uri = ("mongodb://<hostname>:<port>/?"
+       "username=<GCP identity client ID>"
+       "&authMechanism=MONGODB-OIDC"
+       "&authMechanismProperties=properties")
+client = MongoClient(uri)

source/includes/authentication/gcp-imds-mongoclient.py

@@ -0,0 +1,10 @@
+from pymongo import MongoClient
+
+# define properties and MongoClient
+properties = {"ENVIRONMENT": "gcp", "TOKEN_RESOURCE": "<audience>"}
+client = MongoClient(
+   "mongodb://<hostname>:<port>",
+   username="<GCP identity client ID>",
+   authMechanism="MONGODB-OIDC",
+   authMechanismProperties=properties,
+)

source/security.txt

@@ -358,7 +358,7 @@ Unix
          client = pymongo.MongoClient(uri)
 
 To learn more about authenticating with Kerberos, see
-:ref:`pymongo-kerberos` in the Authentication guide.
+:ref:`pymongo-kerberos` in the Enterprise Authentication guide.
 
 Windows
 ~~~~~~~
@@ -393,7 +393,7 @@ Windows
                client = pymongo.MongoClient(uri)
 
 To learn more about authenticating with Kerberos, see
-:ref:`pymongo-kerberos` in the Authentication guide.
+:ref:`pymongo-kerberos` in the Enterprise Authentication guide.
 
 PLAIN SASL
 ----------
@@ -426,4 +426,95 @@ PLAIN SASL
          client = pymongo.MongoClient(uri)
 
 To learn more about authenticating with PLAIN SASL, see
-:ref:`pymongo-sasl` in the Authentication guide.
+:ref:`pymongo-sasl` in the Enterprise Authentication guide.
+
+MONGODB-OIDC
+------------
+
+Azure IMDS
+~~~~~~~~~~
+
+.. tabs::
+
+   .. tab:: MongoClient
+      :tabid: mongoclient
+
+      .. literalinclude:: /includes/authentication/azure-imds-mongoclient.py
+            :language: python
+            :copyable: true
+
+   .. tab:: Connection String
+      :tabid: connectionstring
+
+      .. literalinclude:: /includes/authentication/azure-imds-connection-string.py
+            :language: python
+            :copyable: true
+
+To learn more about authenticating with OIDC, see
+:ref:`pymongo-mongodb-oidc-azure-imds` in the Authentication guide.
+
+GCP IMDS
+~~~~~~~~
+
+.. tabs::
+
+   .. tab:: MongoClient
+      :tabid: mongoclient
+
+      .. literalinclude:: /includes/authentication/gcp-imds-mongoclient.py
+            :language: python
+            :copyable: true
+
+   .. tab:: Connection String
+      :tabid: connectionstring
+
+      .. literalinclude:: /includes/authentication/gcp-imds-connection-string.py
+            :language: python
+            :copyable: true
+
+To learn more about authenticating with OIDC, see
+:ref:`pymongo-mongodb-oidc-gcp-imds` in the Authentication guide.
+
+Other Azure Environments
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. tabs::
+
+   .. tab:: MongoClient
+      :tabid: mongoclient
+
+      .. literalinclude:: /includes/authentication/azure-envs-mongoclient.py
+            :language: python
+            :copyable: true
+
+   .. tab:: Connection String
+      :tabid: connectionstring
+
+      .. literalinclude:: /includes/authentication/azure-envs-connection-string.py
+            :language: python
+            :copyable: true
+
+To learn more about authenticating with OIDC, see
+:ref:`pymongo-mongodb-oidc-azure-envs` in the Authentication guide.
+
+GCP GKE
+~~~~~~~
+
+.. tabs::
+
+   .. tab:: MongoClient
+      :tabid: mongoclient
+
+      .. literalinclude:: /includes/authentication/gcp-gke-mongoclient.py
+            :language: python
+            :copyable: true
+
+   .. tab:: Connection String
+      :tabid: connectionstring
+
+      .. literalinclude:: /includes/authentication/gcp-gke-connection-string.py
+            :language: python
+            :copyable: true
+
+To learn more about authenticating with OIDC, see
+:ref:`pymongo-mongodb-oidc-gcp-gke` in the Authentication guide.