fix: apply mongosh CLI options (e.g. oidcTrustedEndpoint) in connect-tool path#1121
Open
KyriosGN0 wants to merge 4 commits into
Open
fix: apply mongosh CLI options (e.g. oidcTrustedEndpoint) in connect-tool path#1121KyriosGN0 wants to merge 4 commits into
KyriosGN0 wants to merge 4 commits into
Conversation
Collaborator
|
Hey, thanks for the contribution! I will first investigate this usecase a bit more and see if there are alternative solutions that could also work here 🙂 |
Author
|
Hey @gagik, have you had a chance to look at this PR (and use case)? is there something i can do to help you? |
Collaborator
|
@KyriosGN0 hey, sorry there was some focus on #1045 past week. The changes and the usecase overall makes sense, I'll add a couple comments to address and we can get that in 🙂 |
gagik
reviewed
May 22, 2026
|
|
||
| private getMongoshUserConfig(): Partial<UserConfig> { | ||
| const mongoshKeys = Object.keys(MongoshCliOptionsSchema.shape) as (keyof UserConfig)[]; | ||
| return Object.fromEntries( |
Collaborator
There was a problem hiding this comment.
I think it'd not be a problem to pass the whole userConfig object as it'd be a superset anyway generateConnectionInfoFromCliArgs
…tool path When a user calls the MCP 'connect' tool with a non-Atlas MongoDB host and MONGODB-OIDC auth, the driver raised: MongoInvalidArgumentError: Host 'foo.example.com' is not valid for OIDC authentication with ALLOWED_HOSTS of '*.mongodb.net,...' Root cause: generateConnectionInfoFromCliArgs was called with only defaultDriverOptions, omitting the mongosh CLI options stored in userConfig. The startup (connectToConfiguredConnection) path already spread the full userConfig; this commit makes the connect-tool path consistent by extracting the mongosh-specific subset via getMongoshUserConfig() and merging it in. Fixes: the existing OIDC integration test workaround comment at tests/integration/common/connectionManager.oidc.test.ts:~142 Signed-off-by: AvivGuiser <avivguiser@gmail.com>
The previous workaround bypassed the connect tool because mongosh CLI options (e.g. oidcTrustedEndpoint) weren't propagated in that path. Now that the bug is fixed, use the proper connect() helper so the test exercises the same code path as a real MCP client. Signed-off-by: AvivGuiser <avivguiser@gmail.com>
Signed-off-by: AvivGuiser <avivguiser@gmail.com>
Signed-off-by: AvivGuiser <avivguiser@gmail.com>
KyriosGN0
force-pushed
the
fix-device-auth-oidc-endpoint
branch
from
2462a08 to
aa87e1a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When a user calls the MCP 'connect' tool with a non-Atlas MongoDB host
and MONGODB-OIDC auth, the driver raised:
MongoInvalidArgumentError: Host 'foo.example.com' is not valid for OIDC
authentication with ALLOWED_HOSTS of '*.mongodb.net,...'
Root cause: generateConnectionInfoFromCliArgs was called with only
defaultDriverOptions, omitting the mongosh CLI options stored in
userConfig. The startup (connectToConfiguredConnection) path already
spread the full userConfig; this commit makes the connect-tool path
consistent by extracting the mongosh-specific subset via
getMongoshUserConfig() and merging it in.
Fixes: the existing OIDC integration test workaround comment at
tests/integration/common/connectionManager.oidc.test.ts:~142
NOTE: i wrote this PR with Claude Code, i verified this works with my case (mongodb running on k8s, the mcp is running also in k8s, the client is a local claude code session that is using connect tool)
Checklist