DOCSP-44349-OIDC-additions (#437) (#440)

jason-price-mongodb · jason-price-mongodb · web-flow · commit e245087b9314 · 2024-10-14T11:19:33.000-07:00
* DOCSP-44349-OIDC-additions * DOCSP-44349-OIDC-additions * DOCSP-44349-OIDC-additions * DOCSP-44349-OIDC-additions * DOCSP-44349-OIDC-additions * DOCSP-44349-OIDC-additions * DOCSP-44349-OIDC-additions * DOCSP-44349-OIDC-additions * DOCSP-44349-OIDC-additions * DOCSP-44349-OIDC-additions * DOCSP-44349-OIDC-additions * DOCSP-44349-OIDC-additions * DOCSP-44349-OIDC-additions * DOCSP-44349-OIDC-additions * DOCSP-44349-OIDC-additions --------- Co-authored-by: jason-price-mongodb <jshfjghsdfgjsdjh@aolsdjfhkjsdhfkjsdf.com>
diff --git a/source/reference/authentication.txt b/source/reference/authentication.txt
@@ -28,9 +28,15 @@ In the :ref:`connection string <connections-connection-options>`, set
 :urioption:`authMechanismProperties` as needed:
 
 - For Microsoft Azure, set ``authMechanismProperties`` to
-  ``ENVIRONMENT:azure``
+  ``ENVIRONMENT:azure,TOKEN_RESOURCE:<audience>``. Note:
+  Omit ``TOKEN_RESOURCE`` if using Microsoft Azure Kubernetes
+  Service (AKS).
 - For Google Cloud Platform, set ``authMechanismProperties`` to
-  ``ENVIRONMENT:gcp``
+  ``ENVIRONMENT:gcp,TOKEN_RESOURCE:<audience>``.
+
+Replace ``<audience>`` with the application or service that the access
+token is intended for. For more details, see :ref:`Identity Provider
+Fields <oidcidentityproviders-fields>`.
 
 For details about connection string options, see
 :ref:`connection-string-auth-options`.
@@ -45,16 +51,16 @@ Microsoft Azure Instance Metadata Service (IMDS):
 
    ./bin/mongosync \
          --logPath /var/log/mongosync \
-         --cluster0 "mongodb://clusterOne01.fancyCorp.com:20020,clusterOne02.fancyCorp.com:20020,clusterOne03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure" \
-         --cluster1 "mongodb://clusterTwo01.fancyCorp.com:20020,clusterTwo02.fancyCorp.com:20020,clusterTwo03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure"
+         --cluster0 "mongodb://clusterOne01.fancyCorp.com:20020,clusterOne02.fancyCorp.com:20020,clusterOne03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:https://www.example.com" \
+         --cluster1 "mongodb://clusterTwo01.fancyCorp.com:20020,clusterTwo02.fancyCorp.com:20020,clusterTwo03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:https://www.example.com"
 
 .. _c2c-authentication-azure-managed-identities-example:
 
-Connect to MongoDB Clusters Using Microsoft Azure Managed Identities
+Connect to MongoDB Clusters Using Microsoft Azure Kubernetes Service
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-To connect to MongoDB clusters using Microsoft Azure Managed Identities
-and federated authentication, define these environment variables:
+To connect to MongoDB clusters using Microsoft Azure Kubernetes Service,
+define these environment variables:
 
 .. list-table::
    :header-rows: 1
@@ -70,7 +76,8 @@ and federated authentication, define these environment variables:
      - Azure application client identifier.
 
    * - ``AZURE_CLIENT_ID``
-     - Azure client identifier.
+     - Azure client identifier of the managed identity to authenticate
+       with.
 
    * - ``AZURE_FEDERATED_TOKEN_FILE``
      - Azure federated token file path.
@@ -79,7 +86,7 @@ For details about Azure and the variables, see the Microsoft Azure
 documentation.
 
 The following ``mongosync`` example defines the environment variables
-and connects to MongoDB clusters in Microsoft Azure:
+and connects to MongoDB clusters:
 
 .. code-block:: shell
 
@@ -92,6 +99,8 @@ and connects to MongoDB clusters in Microsoft Azure:
          --cluster0 "mongodb://clusterOne01.fancyCorp.com:20020,clusterOne02.fancyCorp.com:20020,clusterOne03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure" \
          --cluster1 "mongodb://clusterTwo01.fancyCorp.com:20020,clusterTwo02.fancyCorp.com:20020,clusterTwo03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:azure"
 
+``TOKEN_RESOURCE`` isn't required for this example.
+
 Connect to MongoDB Clusters in Google Cloud Platform
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -102,8 +111,8 @@ Google Cloud Platform:
 
    ./bin/mongosync \
          --logPath /var/log/mongosync \
-         --cluster0 "mongodb://clusterOne01.fancyCorp.com:20020,clusterOne02.fancyCorp.com:20020,clusterOne03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp" \
-         --cluster1 "mongodb://clusterTwo01.fancyCorp.com:20020,clusterTwo02.fancyCorp.com:20020,clusterTwo03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp"
+         --cluster0 "mongodb://clusterOne01.fancyCorp.com:20020,clusterOne02.fancyCorp.com:20020,clusterOne03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:https://www.example.com" \
+         --cluster1 "mongodb://clusterTwo01.fancyCorp.com:20020,clusterTwo02.fancyCorp.com:20020,clusterTwo03.fancyCorp.com:20020/?authMechanism=MONGODB-OIDC&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:https://www.example.com"
 
 No environment variables are required for Google Cloud Platform.
 
