(BadValue) Auth mechanism not specified

When authenticating with db.RunCommand(), it always says: (BadValue) Auth mechanism not specified. The official documentation says mechanism is optional. Even when I set it as {"mechanism", "SCRAM-SHA-256"}, it still does not work.
It’s confusing, any suggestion is appreciated.

MongoDB server version: 4.4.1
go: 1.15
go driver: v1.4.3

Maybe a shell version mismatch.
Make sure you are connected to the admin DB.

MongoDB User Authentication Fails In Node.js Script

Hi Ramachandra,

Thanks for the reply.
I noticed this thread; I didn't use the mongo shell, but the Go driver.
I already used the admin DB for authentication: db := client.Database("admin") in the sample code above.

BR, Kevin

Hi @Kevin_Meng,

Can you try adding authentication information into the URI itself:

// Credentials in the URI are applied by the driver to every connection it opens.
clientOptions := options.Client().ApplyURI("mongodb://USERNAME:PASSWORD@127.0.0.1:32768/")
client, err := mongo.Connect(ctx, clientOptions)

Doing it this way will allow the driver to automatically authenticate each connection that it creates to the MongoDB deployment. You will not need to manually run the authenticate command.

If I’m misunderstanding your use case and this solution doesn’t address your question, can you provide some information about why you need to manually execute this command?

– Divjot

2 Likes

Hi Divjot_Arora,

Thanks for the reply.
I want to build a SaaS application with “Database per Tenant” approach and I need each tenant to authenticate with different credentials to MongoDB.
I learned that MongoDB completely separated the actions of "connect" and "authenticate", which means we could leverage a connection pool to create a pool of "blank" connections and then borrow a connection from the pool to do authentication for the current tenant.
This is the reason why I separate the connection and authentication.
Could you please advise the best practice for this use case? Thank you very much!

BR, Kevin

@Kevin_Meng Will all tenants share the same mongo.Client instance in your application? If so, can you outline the control flow for two tenants connecting to your app? How does the application know which connections belong to which tenants?

– Divjot

Hi Divjot_Arora,

Yes, the service requires users to access it with a JWT. There is a property, TenantID, in the claims part of the JWT, which will be extracted to identify which tenant database to connect to, authenticate, and do the subsequent DB queries; once complete, drop it. For a new request to the service, do the above steps again.
Hope this is helpful to you.

BR, Kevin

Hi @Kevin_Meng,

I don’t have much experience with this sort of use case. We generally recommend that a mongo.Client be created with a set of credentials which will then be automatically applied to all of the connections it creates. I’m not sure what the server behavior is if an application attempts to manually authenticate connections.

Also, based on the authentication spec, the auth conversation for the SCRAM-SHA-256 mechanism uses saslStart and saslContinue commands, not the authenticate command, so it’s possible that the commands you’re sending are not in the format the server expects.

– Divjot

1 Like
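
The recommendation in the last reply (a mongo.Client created with one set of credentials), applied to the database-per-tenant case from this thread, as an added example that is not code from either poster or from the driver: one credentialed client, and so one connection pool, per tenant. The names Tenant, Client, Connector, Pool and NewPool are assumptions, the authSource=admin setting is taken from the question's use of the admin database, and Connector stands in for mongo.Connect so the example runs without the driver installed.

```go
package main

import (
	"context"
	"fmt"
	"net/url"
	"sync"
)

// Tenant holds one tenant's database credentials (hypothetical type).
type Tenant struct{ ID, User, Password string }

// Client is the one method this example needs; *mongo.Client also has it.
type Client interface{ Disconnect(ctx context.Context) error }

// Connector (assumed name) would wrap mongo.Connect(ctx, options.Client().ApplyURI(uri)).
type Connector func(ctx context.Context, uri string) (Client, error)

// TenantURI carries the credentials, percent-encoded, so the driver authenticates each connection.
func TenantURI(host string, t Tenant) string {
	u := url.URL{Scheme: "mongodb", User: url.UserPassword(t.User, t.Password), Host: host, Path: "/"}
	u.RawQuery = url.Values{"authSource": {"admin"}, "authMechanism": {"SCRAM-SHA-256"}}.Encode()
	return u.String()
}

// Pool keeps one credentialed client, and so one connection pool, per tenant.
type Pool struct {
	mu      sync.Mutex
	host    string
	connect Connector
	clients map[string]Client
}
func NewPool(h string, c Connector) *Pool { return &Pool{host: h, connect: c, clients: map[string]Client{}} }

// For returns the tenant's own client, connecting on first use only.
func (p *Pool) For(ctx context.Context, t Tenant) (Client, error) {
	p.mu.Lock()
	defer p.mu.Unlock()
	if c, ok := p.clients[t.ID]; ok {
		return c, nil
	}
	c, err := p.connect(ctx, TenantURI(p.host, t))
	if err != nil {
		return nil, fmt.Errorf("tenant %s: %w", t.ID, err)
	}
	p.clients[t.ID] = c
	return c, nil
}

func main() { fmt.Println(TenantURI("127.0.0.1:32768", Tenant{"t1", "tenant-a", "p@ss:w/rd"})) } // constructed values
```

Because a connection is only ever authenticated as the tenant whose client opened it, a request carrying one TenantID cannot be served on a connection that holds another tenant's session.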