GODRIVER-2911: OIDC working

.evergreen/config.yml

@@ -2611,7 +2611,7 @@ buildvariants:
   - name: testoidc-variant
     display_name: "OIDC"
     run_on:
-      - rhel8.7-small
+      - ubuntu2204-large
     expansions:
       GO_DIST: "/opt/golang/go1.20"
     tasks:

cmd/testoidcauth/main.go

@@ -70,10 +70,12 @@ func machine_1_1_callbackIsCalled() {
 
 	coll := client.Database("test").Collection("test")
 
-	res := coll.FindOne(context.Background(), bson.D{})
-	if res == nil || res.Err() != nil {
+	_, err = coll.Find(context.Background(), bson.D{})
+	if err != nil {
 		log.Fatalf("machine_1_1_callbackIsCalled: failed executing FindOne: %v", err)
 	}
+	countMutex.Lock()
+	defer countMutex.Unlock()
 	if callbackCount != 1 {
 		log.Fatalf("machine_1_1_callbackIsCalled: expected callback count to be 1, got %d", callbackCount)
 	}

x/mongo/driver/auth/oidc.go

@@ -70,6 +70,7 @@ type OIDCAuthenticator struct {
 	OIDCMachineCallback     OIDCCallback
 	OIDCHumanCallback       OIDCCallback
 
+	userName     string
 	cfg          *Config
 	accessToken  string
 	refreshToken *string
@@ -79,6 +80,7 @@ type OIDCAuthenticator struct {
 
 func newOIDCAuthenticator(cred *Cred) (Authenticator, error) {
 	oa := &OIDCAuthenticator{
+		userName:                cred.Username,
 		AuthMechanismProperties: cred.Props,
 		OIDCMachineCallback:     cred.OIDCMachineCallback,
 		OIDCHumanCallback:       cred.OIDCHumanCallback,
@@ -87,6 +89,7 @@ func newOIDCAuthenticator(cred *Cred) (Authenticator, error) {
 }
 
 type oidcOneStep struct {
+	userName    string
 	accessToken string
 }
 
@@ -210,7 +213,6 @@ func (oa *OIDCAuthenticator) Reauth(ctx context.Context) error {
 
 // Auth authenticates the connection.
 func (oa *OIDCAuthenticator) Auth(ctx context.Context, cfg *Config) error {
-	fmt.Println("OIDC Auth!!!")
 	// the Mutex must be held during the entire Auth call so that multiple racing attempts
 	// to authenticate will not result in multiple callbacks. The losers on the Mutex will
 	// retrieve the access token from the Authenticator cache.
@@ -225,6 +227,7 @@ func (oa *OIDCAuthenticator) Auth(ctx context.Context, cfg *Config) error {
 
 	if oa.accessToken != "" {
 		err = ConductSaslConversation(ctx, cfg, "$external", &oidcOneStep{
+			userName:    oa.userName,
 			accessToken: oa.accessToken,
 		})
 		if err == nil {
@@ -274,13 +277,10 @@ func (oa *OIDCAuthenticator) doAuthMachine(ctx context.Context, cfg *Config, mac
 	if err != nil {
 		return err
 	}
-	err = ConductSaslConversation(ctx, cfg, "$external", &oidcOneStep{
-		accessToken: accessToken,
-	})
-	if err == nil {
-		return nil
-	}
-	return nil
+	return runSaslConversation(ctx,
+		cfg,
+		newSaslConversation(&oidcOneStep{accessToken: accessToken}, "$external", false),
+	)
 }
 
 // CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.

x/mongo/driver/auth/sasl.go

@@ -105,6 +105,7 @@ func (sc *saslConversation) Finish(ctx context.Context, cfg *Config, firstRespon
 		fullErr := fmt.Errorf("unmarshal error: %w", err)
 		return newError(fullErr, sc.mechanism)
 	}
+	fmt.Println("resp", saslResp)
 
 	cid := saslResp.ConversationID
 	var payload []byte
@@ -152,17 +153,23 @@ func (sc *saslConversation) Finish(ctx context.Context, cfg *Config, firstRespon
 	}
 }
 
-// ConductSaslConversation runs a full SASL conversation to authenticate the given connection.
+// ConductSaslConversation runs a full SASL conversation to authenticate the given connection, given
+// sasl arguments.
 func ConductSaslConversation(ctx context.Context, cfg *Config, authSource string, client SaslClient) error {
 	// Create a non-speculative SASL conversation.
 	conversation := newSaslConversation(client, authSource, false)
+	return runSaslConversation(ctx, cfg, conversation)
+}
 
+// runSaslConversation runs a SASL conversation to authenticate the given connection, given a
+// pre-built saslConversation.
+func runSaslConversation(ctx context.Context, cfg *Config, conversation *saslConversation) error {
 	saslStartDoc, err := conversation.FirstMessage()
 	if err != nil {
 		return newError(err, conversation.mechanism)
 	}
 	saslStartCmd := operation.NewCommand(saslStartDoc).
-		Database(authSource).
+		Database(conversation.source).
 		Deployment(driver.SingleConnectionDeployment{cfg.Connection}).
 		ClusterClock(cfg.ClusterClock).
 		ServerAPI(cfg.ServerAPI)