
Commit 479fcdd

committed
PR fixes, doc updates
1 parent d856d84 commit 479fcdd


2 files changed

+24
-10
lines changed


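--- a/driver-core/src/main/com/mongodb/MongoCredential.java
+++ b/driver-core/src/main/com/mongodb/MongoCredential.java
@@ -186,7 +186,13 @@ public final class MongoCredential {
 public static final String AWS_CREDENTIAL_PROVIDER_KEY = "AWS_CREDENTIAL_PROVIDER";
 
 /**
-* The environment. The value must be a string.
+* Mechanism property key for specifying the environment for OIDC.
+* The value must be either "gcp" or "azure".
+* The environment determines how the driver should obtain an access token,
+* as an alternative to supplying a callback.
+* <p>
+* The "gcp" and "azure" environments require
+* {@link MongoCredential#TOKEN_RESOURCE_KEY} to be specified.
 * <p>
 * If this is provided,
 * {@link MongoCredential#OIDC_CALLBACK_KEY} and
@@ -200,6 +206,7 @@ public final class MongoCredential {
 public static final String ENVIRONMENT_KEY = "ENVIRONMENT";
 
 /**
+* Mechanism property key for the OIDC callback.
 * This callback is invoked when the OIDC-based authenticator requests
 * a token. The type of the value must be {@link OidcCallback}.
 * {@link IdpInfo} will not be supplied to the callback,
@@ -216,6 +223,7 @@ public final class MongoCredential {
 public static final String OIDC_CALLBACK_KEY = "OIDC_CALLBACK";
 
 /**
+* Mechanism property key for the OIDC human callback.
 * This callback is invoked when the OIDC-based authenticator requests
 * a token from the identity provider (IDP) using the IDP information
 * from the MongoDB server. The type of the value must be
@@ -232,7 +240,7 @@ public final class MongoCredential {
 
 
 /**
-* Mechanism key for a list of allowed hostnames or ip-addresses for MongoDB connections. Ports must be excluded.
+* Mechanism property key for a list of allowed hostnames or ip-addresses for MongoDB connections. Ports must be excluded.
 * The hostnames may include a leading "*." wildcard, which allows for matching (potentially nested) subdomains.
 * When MONGODB-OIDC authentication is attempted against a hostname that does not match any of list of allowed hosts
 * the driver will raise an error. The type of the value must be {@code List<String>}.
@@ -256,7 +264,8 @@ public final class MongoCredential {
 "*.mongodb.net", "*.mongodb-qa.net", "*.mongodb-dev.net", "*.mongodbgov.net", "localhost", "127.0.0.1", "::1"));
 
 /**
-* The token resource.
+* Mechanism property key for specifying he URI of the target resource (sometimes called the audience),
+* used in some OIDC environments.
 *
 * @see MongoCredential#ENVIRONMENT_KEY
 * @see #createOidcCredential(String)
@@ -420,6 +429,7 @@ public static MongoCredential createAwsCredential(@Nullable final String userNam
 * @since 5.1
 * @see #withMechanismProperty(String, Object)
 * @see #ENVIRONMENT_KEY
+* @see #TOKEN_RESOURCE_KEY
 * @see #OIDC_CALLBACK_KEY
 * @see #OIDC_HUMAN_CALLBACK_KEY
 * @see #ALLOWED_HOSTS_KEY
@@ -675,13 +685,17 @@ public interface OidcCallbackContext {
 int getVersion();
 
 /**
-* @return The OIDC Identity Provider's configuration that can be used to acquire an Access Token.
+* @return The OIDC Identity Provider's configuration that can be used
+* to acquire an Access Token, or null if not using a
+* {@linkplain MongoCredential#OIDC_HUMAN_CALLBACK_KEY human callback.}
 */
 @Nullable
 IdpInfo getIdpInfo();
 
 /**
-* @return The OIDC Refresh token supplied by a prior callback invocation.
+* @return The OIDC Refresh token supplied by a prior callback invocation,
+* or null if no token was supplied, or if not using a
+* {@linkplain MongoCredential#OIDC_HUMAN_CALLBACK_KEY human callback.}
 */
 @Nullable
 String getRefreshToken();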
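Review bot: The new Javadoc at new line 267 (apparently the comment for TOKEN_RESOURCE_KEY) has a typo, "specifying he URI"; it should read `* Mechanism property key for specifying the URI of the target resource (sometimes called the audience),`. The neighbouring keys state the required value type (`OidcCallback`, `List<String>`), but the visible part of this comment does not. The audience decides which resource an issued token is valid for, so it is worth stating the expected type and form of the value here, unless the part of the comment outside the hunk already does. In the two `@return` tags of OidcCallbackContext the sentence period sits inside the `{@linkplain ...}` label; moving it after the closing brace keeps it out of the rendered link text.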

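--- a/driver-sync/src/test/functional/com/mongodb/client/unified/Entities.java
+++ b/driver-sync/src/test/functional/com/mongodb/client/unified/Entities.java
@@ -540,11 +540,11 @@ private void initClient(final BsonDocument entity, final String id,
 .createOidcCredential(null)
 .withMechanismProperty("ENVIRONMENT", env);
 if (env.equals("azure")) {
-oidcCredential = oidcCredential
-.withMechanismProperty("TOKEN_RESOURCE", getenv("AZUREOIDC_RESOURCE"));
+oidcCredential = oidcCredential.withMechanismProperty(
+MongoCredential.TOKEN_RESOURCE_KEY, getenv("AZUREOIDC_RESOURCE"));
 } else if (env.equals("gcp")) {
-oidcCredential = oidcCredential
-.withMechanismProperty("TOKEN_RESOURCE", getenv("GCPOIDC_RESOURCE"));
+oidcCredential = oidcCredential.withMechanismProperty(
+MongoCredential.TOKEN_RESOURCE_KEY, getenv("GCPOIDC_RESOURCE"));
 }
 clientSettingsBuilder.credential(oidcCredential);
 break;
@@ -556,7 +556,7 @@ private void initClient(final BsonDocument entity, final String id,
 .getDocument("uriOptions")
 .get("authMechanism");
 if (authMechanism.equals(new BsonString(MONGODB_OIDC.getMechanismName()))) {
-break; // only OIDC supports authMechanismProperties
+break; // authMechanismProperties only supported here for OIDC
 }
 throw new UnsupportedOperationException("Failure to apply authMechanismProperties: " + value);
 default: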
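Review bot: The literal `"ENVIRONMENT"` on new line 541 is left as a string while the two `"TOKEN_RESOURCE"` literals beside it are replaced by the constant; `.withMechanismProperty(MongoCredential.ENVIRONMENT_KEY, env);` would complete the change and keep the test bound to the driver's own key names. Separately, `getenv("AZUREOIDC_RESOURCE")` and `getenv("GCPOIDC_RESOURCE")` are passed straight into the credential. If that helper can return null when the variable is unset, the failure surfaces later and less clearly, so an explicit check whose message names the missing variable would make a misconfigured test environment obvious. initClient starts and ends outside these hunks.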
