OpenID Connect was introduced into MongoDB and is in preview state.
Cool feature that allows managing users centrally, nice!
However, I have tried to use this MONGODB-OIDC authentication means in the Java Driver (under Spring Boot) but got an error that it is not supported. Is there any driver build to use that supports it? When is this support planned in the Java Driver?
Hi @Igor_Prokopenkov - what are you trying to achieve with Java driver support? Here are a few details for you:
- We will have support for your workforce (employees, partners, i.e. human users) and for your workloads (i.e. your applications). Workforce Identity Federation uses the OIDC protocol with Authorization Code Flow and Device Authorization flows. It is currently under public preview. Workload Identity Federation (for your workloads) is using OAuth2 and is currently under development. It will allow you to use Azure service principals, managed identities, GCP service accounts and any third party OAuth2 provider to authenticate to MongoDB Atlas clusters.
- Workforce Identity Federation is supported by our own clients mongosh and Compass. We’ll open it to customers and partners by the end of July. Our drivers don’t control the handshake with IdP.
- Workload Identity Federation and Workforce Identity Federation will be globally available at the end of April in Atlas. If you’re a self-hosted customer, you would need to wait a little more for Workload Identity Federation support.
Thank you for the response.
I’ll make it simple - given that we have a MongoDB cluster with OIDC support (preview) via Azure Entra, can I use the current Java driver to authorize a workload (Spring Boot application) against “technical” users (Azure service principal) stored in Entra using OIDC auth, e.g. no local users present in the cluster at all?
The case is the following - we have a backend Spring Boot application that is using MongoDB as a database, and it needs to authenticate against centralized user management in Entra instead of a local users database.
Hi @Fuat_Ertunc thank you for your answer.
That is exactly what we are looking for. As I understood from your answer, this feature will be available at the end of April, correct? Do you have plans to add support for this option (authenticate to MongoDB Atlas using Azure service principal) in the Java driver? Is this driver available now for testing (as a beta driver)? Thanks!