feat(NODE-5191): update oidc objects

Author: durran

src/cmap/auth/mongo_credentials.ts

@@ -43,6 +43,8 @@ export interface AuthMechanismProperties extends Document {
   REFRESH_TOKEN_CALLBACK?: OIDCRefreshFunction;
   /** @experimental */
   PROVIDER_NAME?: 'aws';
+  /** @experimental */
+  ALLOWED_HOSTS?: string[];
 }
 
 /** @public */

src/cmap/auth/mongodb_oidc.ts

@@ -11,11 +11,8 @@ import type { Workflow } from './mongodb_oidc/workflow';
  * @experimental
  */
 export interface OIDCMechanismServerStep1 {
-  authorizationEndpoint?: string;
-  tokenEndpoint?: string;
-  deviceAuthorizationEndpoint?: string;
+  issuer?: string;
   clientId: string;
-  clientSecret?: string;
   requestScopes?: string[];
 }
 
@@ -29,25 +26,33 @@ export interface OIDCRequestTokenResult {
   refreshToken?: string;
 }
 
+/**
+ * @public
+ * @experimental
+ */
+export interface OIDCClientInfo {
+  principalName: string;
+  timeoutSeconds?: number;
+  timeoutContext?: AbortSignal;
+}
+
 /**
  * @public
  * @experimental
  */
 export type OIDCRequestFunction = (
-  principalName: string,
-  serverResult: OIDCMechanismServerStep1,
-  timeout: AbortSignal | number
+  clientInfo: OIDCClientInfo,
+  serverInfo: OIDCMechanismServerStep1
 ) => Promise<OIDCRequestTokenResult>;
 
 /**
  * @public
  * @experimental
  */
 export type OIDCRefreshFunction = (
-  principalName: string,
-  serverResult: OIDCMechanismServerStep1,
-  result: OIDCRequestTokenResult,
-  timeout: AbortSignal | number
+  clientInfo: OIDCClientInfo,
+  serverInfo: OIDCMechanismServerStep1,
+  tokenResult: OIDCRequestTokenResult
 ) => Promise<OIDCRequestTokenResult>;
 
 type ProviderName = 'aws' | 'callback';

src/cmap/auth/mongodb_oidc/callback_workflow.ts

@@ -9,8 +9,8 @@ import { AuthMechanism } from '../providers';
 import { TokenEntryCache } from './token_entry_cache';
 import type { Workflow } from './workflow';
 
-/* 5 minutes in milliseconds */
-const TIMEOUT_MS = 300000;
+/* 5 minutes in seconds */
+const TIMEOUT_S = 300;
 
 /**
  * OIDC implementation of a callback based workflow.
@@ -134,12 +134,8 @@ export class CallbackWorkflow implements Workflow {
     const refresh = credentials.mechanismProperties.REFRESH_TOKEN_CALLBACK;
     // If a refresh callback exists, use it. Otherwise use the request callback.
     if (refresh) {
-      const result: OIDCRequestTokenResult = await refresh(
-        credentials.username,
-        stepOneResult,
-        tokenResult,
-        TIMEOUT_MS
-      );
+      const clientInfo = { principalName: credentials.username, timeoutSeconds: TIMEOUT_S };
+      const result: OIDCRequestTokenResult = await refresh(clientInfo, stepOneResult, tokenResult);
       // Validate the result.
       if (!result || !result.accessToken) {
         throw new MongoMissingCredentialsError(
@@ -182,7 +178,8 @@ export class CallbackWorkflow implements Workflow {
         'Auth mechanism property REQUEST_TOKEN_CALLBACK is required.'
       );
     }
-    const tokenResult = await request(credentials.username, stepOneResult, TIMEOUT_MS);
+    const clientInfo = { principalName: credentials.username, timeoutSeconds: TIMEOUT_S };
+    const tokenResult = await request(clientInfo, stepOneResult);
     // Validate the result.
     if (!tokenResult || !tokenResult.accessToken) {
       throw new MongoMissingCredentialsError(

src/index.ts

@@ -204,6 +204,7 @@ export type {
   MongoCredentialsOptions
 } from './cmap/auth/mongo_credentials';
 export type {
+  OIDCClientInfo,
   OIDCMechanismServerStep1,
   OIDCRefreshFunction,
   OIDCRequestFunction,