MongoDB.live, free & fully virtual. Register Now MongoDB.live, free & fully virtual. Register Now

(BadValue) Auth mechanism not specified

When doing authentication by db.RunCommand() , it always says: (BadValue) Auth mechanism not specified. The official documentation says mechanism is optional. Even I set it as {“mechanism”, “SCRAM-SHA-256”}, still not work.
It’s confusing, any suggestion is appreciated.

https://play.golang.org/p/2DIpS6EW0g1
MongoDB server version: 4.4.1
go: 1.15
go driver: v1.4.3

May be shell version mismatch
Make sure you are connected to admin DB

MongoDB User Authentication Fails In Node.js Script

Hi Ramachandra,

Thanks for reply.
I noticed this thread, I didn’t use mongo shell, but go driver.
I already used admin DB for authentication: db := client.Database(“admin”) in the sample code above.

BR, Kevin

Hi @Kevin_Meng,

Can you try adding authentication information into the URI itself:

clientOptions := options.Client.ApplyURI("mongodb://USERNAME:PASSWORD@127.0.0.1:32768/"
client, err := mongo.Connect(ctx, clientOptions)

Doing it this way will allow the driver to automatically authenticate each connection that it creates to the MongoDB deployment. You will not need to manually run the authenticate command.

If I’m misunderstanding your use case and this solution doesn’t address your question, can you provide some information about why you need to manually execute this command?

– Divjot

2 Likes

Hi Divjot_Arora,

Thanks for the reply.
I want to build a SaaS application with “Database per Tenant” approach and I need each tenant to authenticate with different credentials to MongoDB.
I learned MongoDB completely separated the actions of "connect” and “authenticate”, means we could leverage connection pool to create a pool of “blank” connections and then borrow a connection from the pool to do authentication for current tenant.
This is the reason why I separate the connection and authentication.
Could you please advise the best practice for this use case? Thank you very much!

BR, Kevin

@Kevin_Meng Will all tenants share the same mongo.Client instance in your application? If so, can you outline the control flow for two tenants connecting to your app? How does the application know which connections belong to which tenants?

– Divjot

Hi Divjot_Arora,

Yes, the service requires user to access with JWT, there is a property:TenantID in the claims part of JWT which will be extracted to identify which tenant database to connect, authenticate, and do the subsequent DB queries, once complete, drop it; For a new request to the service, do the above steps again.
Hope this is helpful to you.

BR, Kevin