Overview
MongoDB 支持多种可用于对应用程序进行身份验证的机制。 本页包含的代码示例展示了每种机制。
要使用此页面中的身份验证示例,请将代码示例复制到示例应用程序或您自己的应用程序中。 请务必将代码示例中的所有占位符(例如 <hostname> )替换为 MongoDB 部署的相关值。
示例应用程序
您可以使用以下示例应用程序来测试本页上的代码示例。 要使用示例应用程序,请执行以下步骤:
确保已安装 PyMongo。
复制以下代码并将其粘贴到新的
.py文件中。从此页面复制代码示例,并将其粘贴到文件中的指定行。
选择 Synchronous 或 Asynchronous标签页以查看相应的代码:
1 from pymongo import MongoClient 2 3 try: 4 # start example code here 5 6 # end example code here 7 8 client.admin.command("ping") 9 print("Connected successfully") 10 11 # other application code 12 13 client.close() 14 15 except Exception as e: 16 raise Exception( 17 "The following error occurred: ", e)
1 import asyncio 2 from pymongo import AsyncMongoClient 3 4 async def main(): 5 try: 6 # start example code here 7 8 # end example code here 9 10 await client.admin.command("ping") 11 print("Connected successfully") 12 13 # other application code 14 15 await client.close() 16 17 except Exception as e: 18 raise Exception( 19 "The following error occurred: ", e) 20 21 asyncio.run(main())
传输层安全性 (TLS)
启用 TLS
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname:<port>", tls=True)
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>?tls=true")
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname:<port>", tls=True)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>?tls=true")
要了解有关启用 TLS 的更多信息,请参阅 TLS 配置指南中的启用 TLS 。
指定证书颁发机构 (CA) 文件
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsCAFile="/path/to/ca.pem")
uri = "mongodb://<db_username>:<db_password>@<hostname>:<port>/?tls=true&tlsCAFile=/path/to/ca.pem" client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsCAFile="/path/to/ca.pem")
uri = "mongodb://<db_username>:<db_password@<hostname>:<port>/?tls=true&tlsCAFile=/path/to/ca.pem" client = pymongo.AsyncMongoClient(uri)
要了解有关指定 CA 文件的更多信息,请参阅 TLS 配置指南中的指定 CA 文件。
禁用 OCSP 检查
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsDisableOCSPEndpointCheck=True)
uri = "mongodb://example.com/?tls=true&tlsDisableOCSPEndpointCheck=true" client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsDisableOCSPEndpointCheck=True)
uri = "mongodb://example.com/?tls=true&tlsDisableOCSPEndpointCheck=true" client = pymongo.AsyncMongoClient(uri)
要了解有关禁用 OCSP 检查的更多信息,请参阅 TLS 配置指南中的OCSP 。
指定证书撤销列表 (CRL)
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsCRLFile="/path/to/crl.pem")
uri = "mongodb://example.com/?tls=true&tlsCRLFile=/path/to/crl.pem" client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsCRLFile="/path/to/crl.pem")
uri = "mongodb://example.com/?tls=true&tlsCRLFile=/path/to/crl.pem" client = pymongo.AsyncMongoClient(uri)
要了解有关指定 CRL 的更多信息,请参阅 TLS 配置指南中的证书吊销列表。
出示客户端证书
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsCertificateKeyFile='/path/to/client.pem')
uri = ("mongodb://<db_username>:<db_password>@<hostname:<port>/?" "tls=true" "&tlsCertificateKeyFile=path/to/client.pem") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsCertificateKeyFile='/path/to/client.pem')
uri = ("mongodb://<db_username>:<db_password>@<hostname>:<port>/?" "tls=true" "&tlsCertificateKeyFile=path/to/client.pem") client = pymongo.AsyncMongoClient(uri)
要了解有关指定客户端证书的更多信息,请参阅 TLS 配置指南中的提供客户端证书。
提供证书密钥文件密码
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname:<port>", tls=True, tlsCertificateKeyFile='/path/to/client.pem', tlsCertificateKeyFilePassword=<passphrase>)
uri = ("mongodb://<db_username>:<db_password>@<hostname:<port>/?" "tls=true" "&tlsCertificateKeyFile=path/to/client.pem" "&tlsCertificateKeyFilePassword=<passphrase>") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsCertificateKeyFile='/path/to/client.pem', tlsCertificateKeyFilePassword=<passphrase>)
uri = ("mongodb://<db_username>:<db_password" "@<hostname>:<port>/?" "tls=true" "&tlsCertificateKeyFile=path/to/client.pem" "&tlsCertificateKeyFilePassword=<passphrase>") client = pymongo.AsyncMongoClient(uri)
要了解有关提供密钥文件密码的更多信息,请参阅 TLS 配置指南中的提供密钥密码。
允许不安全的 TLS
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname:<port>", tls=True, tlsInsecure=True)
uri = ("mongodb://<db_username>:<db_password>@<hostname>:<port>/?" "tls=true" "&tlsInsecure=true") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsInsecure=True)
uri = ("mongodb://<db_username>:<db_password>@<hostname>:<port>/?" "tls=true" "&tlsInsecure=true") client = pymongo.AsyncMongoClient(uri)
要了解有关允许不安全 TLS 的更多信息,请参阅 TLS 配置指南中的允许不安全 TLS 。
禁用证书验证
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsAllowInvalidCertificates=True)
uri = ("mongodb://<db_username>:<db_password>@<hostname>:<port>/?" "tls=true" "&tlsAllowInvalidCertificates=true") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsAllowInvalidCertificates=True)
uri = ("mongodb://<db_username>:<db_password>@<hostname>:<port>/?" "tls=true" "&tlsAllowInvalidCertificates=true") client = pymongo.AsyncMongoClient(uri)
要了解有关禁用证书验证的更多信息,请参阅 TLS 配置指南中的允许不安全的 TLS 。
禁用主机名验证
client = pymongo.MongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsAllowInvalidHostnames=True)
uri = ("mongodb://<db_username>:<db_password>@<hostname>:<port>/?" "tls=true" "&tlsAllowInvalidHostnames=true") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<db_username>:<db_password>@<hostname>:<port>", tls=True, tlsAllowInvalidHostnames=True)
uri = ("mongodb://<db_username>:<db_password>@<hostname>:<port>/?" "tls=true" "&tlsAllowInvalidHostnames=true") client = pymongo.AsyncMongoClient(uri)
要了解有关禁用主机名验证的更多信息,请参阅 TLS 配置指南中的允许不安全的 TLS 。
SCRAM-SHA-256
client = pymongo.MongoClient("mongodb://<hostname>:<port>", username="<db_username>", password="<db_password>", authSource="<authentication database>", authMechanism="SCRAM-SHA-256")
uri = ("mongodb://<percent-encoded username>:<percent-encoded password>" "@<hostname>:<port>/?" "authSource=<authentication database>" "&authMechanism=SCRAM-SHA-256") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", username="<db_username>", password="<db_password>", authSource="<authentication database>", authMechanism="SCRAM-SHA-256")
uri = ("mongodb://<percent-encoded username>:<percent-encoded password>" "@<hostname>:<port>/?" "authSource=<authentication database>" "&authMechanism=SCRAM-SHA-256") client = pymongo.AsyncMongoClient(uri)
要学习;了解有关SCRAM-SHA-256 身份验证的更多信息,请参阅身份验证指南中的SCRAM 。
SCRAM-SHA-1
client = pymongo.MongoClient("mongodb://<hostname>:<port>", username="<db_username>", password="<db_password>", authSource="<authentication database>", authMechanism="SCRAM-SHA-1")
uri = ("mongodb://<percent-encoded username>:<percent-encoded password>" "@<hostname>:<port>/?" "authSource=<authentication database>" "&authMechanism=SCRAM-SHA-1") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", username="<db_username>", password="<db_password>", authSource="<authentication database>", authMechanism="SCRAM-SHA-1")
uri = ("mongodb://<percent-encoded username>:<percent-encoded password>" "@<hostname>:<port>/?" "authSource=<authentication database>" "&authMechanism=SCRAM-SHA-1") client = pymongo.AsyncMongoClient(uri)
要学习;了解有关SCRAM-SHA-1 身份验证的更多信息,请参阅身份验证指南中的SCRAM 。
MONGODB-X509
client = pymongo.MongoClient("mongodb://<hostname>:<port>", tls=True, tlsCertificateKeyFile="/path/to/client.pem", authMechanism="MONGODB-X509")
uri = ("mongodb://<hostname>:<port>/?" "tls=true" "&tlsCertificateKeyFile=path/to/client.pem" "&authMechanism=MONGODB-X509") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", tls=True, tlsCertificateKeyFile="/path/to/client.pem", authMechanism="MONGODB-X509")
uri = ("mongodb://<hostname>:<port>/?" "tls=true" "&tlsCertificateKeyFile=path/to/client.pem" "&authMechanism=MONGODB-X509") client = pymongo.AsyncMongoClient(uri)
要学习;了解有关 MONGODB-X509 身份验证的更多信息,请参阅身份验证指南中的 X.509 。
MONGODB-AWS
MongoClient 凭证
client = pymongo.MongoClient("mongodb://<hostname>:<port>", username="<AWS IAM access key ID>", password="<AWS IAM secret access key>", authMechanism="MONGODB-AWS")
uri = ("mongodb://<percent-encoded AWS IAM access key ID>:" "<percent-encoded AWS IAM secret access key>" "@<hostname>:<port>/?" "&authMechanism=MONGODB-AWS") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", username="<AWS IAM access key ID>", password="<AWS IAM secret access key>", authMechanism="MONGODB-AWS")
uri = ("mongodb://<percent-encoded AWS IAM access key ID>:" "<percent-encoded AWS IAM secret access key>" "@<hostname>:<port>/?" "&authMechanism=MONGODB-AWS") client = pymongo.AsyncMongoClient(uri)
要学习;了解有关使用Amazon Web Services MongoClient 档案进行凭证验证的更多信息,请参阅身份验证指南中的MongoClient 档案。
环境变量
client = pymongo.MongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.AsyncMongoClient(uri)
要了解有关使用Amazon Web Services环境变量进行身份验证的更多信息,请参阅身份验证指南中的环境变量。
共享凭证文件
client = pymongo.MongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.AsyncMongoClient(uri)
要学习;了解有关使用共享Amazon Web Services凭证文件进行身份验证的更多信息,请参阅身份验证指南中的共享凭证文件。
Amazon Web Services配置文件
client = pymongo.MongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.AsyncMongoClient(uri)
要了解有关使用Amazon Web Services配置文件进行身份验证的更多信息,请参阅身份验证指南中的Amazon Web Services配置文件。
AssumeRole 请求
client = pymongo.MongoClient("mongodb://@<hostname>:<port>", username="<AWS IAM access key ID>", password="<AWS IAM secret access key>", authMechanismProperties="AWS_SESSION_TOKEN:<AWS session token>", authMechanism="MONGODB-AWS")
uri = ("mongodb://<percent-encoded AWS IAM access key ID>:" "<percent-encoded AWS IAM secret access key>" "@<hostname>:<port>/?" "authMechanismProperties=AWS_SESSION_TOKEN:<AWS session token>" "&authMechanism=MONGODB-AWS") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://@<hostname>:<port>", username="<AWS IAM access key ID>", password="<AWS IAM secret access key>", authMechanismProperties="AWS_SESSION_TOKEN:<AWS session token>", authMechanism="MONGODB-AWS")
uri = ("mongodb://<percent-encoded AWS IAM access key ID>:" "<percent-encoded AWS IAM secret access key>" "@<hostname>:<port>/?" "authMechanismProperties=AWS_SESSION_TOKEN:<AWS session token>" "&authMechanism=MONGODB-AWS") client = pymongo.AsyncMongoClient(uri)
要学习;了解有关使用AssumeRole请求进行身份验证的更多信息,请参阅身份验证指南中的AssumeRole 请求。
AssumeRoleWithWebIdentity
client = pymongo.MongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.AsyncMongoClient(uri)
要了解有关使用AssumeRoleWithWebIdentity请求进行身份验证的更多信息,请参阅身份验证指南中的AssumeRoleWithWebIdentity 。
ECS 容器或 EC 2实例
client = pymongo.MongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", authMechanism="MONGODB-AWS")
uri = "mongodb://<hostname>:<port>/?&authMechanism=MONGODB-AWS" client = pymongo.AsyncMongoClient(uri)
要了解有关从 ECS 容器进行身份验证的更多信息,请参阅身份验证指南中的ECS 容器或 EC 2实例。
Kerberos
注意
仅限 MongoDB Enterprise
Kerberos 身份验证仅在 MongoDB Enterprise 中可用。
Unix
client = pymongo.MongoClient("mongodb://<hostname>:<port>", username="mongodbuser@EXAMPLE.COM", authMechanism="GSSAPI", authMechanismProperties="SERVICE_NAME:<authentication service name>")
uri = ("mongodb://mongodbuser%40EXAMPLE.COM@<hostname>:<port>/?" "&authMechanism=GSSAPI" "&authMechanismProperties=SERVICE_NAME:<authentication service name>") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", username="mongodbuser@EXAMPLE.COM", authMechanism="GSSAPI", authMechanismProperties="SERVICE_NAME:<authentication service name>")
uri = ("mongodb://mongodbuser%40EXAMPLE.COM@<hostname>:<port>/?" "&authMechanism=GSSAPI" "&authMechanismProperties=SERVICE_NAME:<authentication service name>") client = pymongo.AsyncMongoClient(uri)
要学习;了解有关使用Kerberos进行身份验证的更多信息,请参阅 Enterprise Authentication指南中的Kerberos (GSSAPI)。
Windows
client = pymongo.MongoClient("mongodb://<hostname>:<port>", username="<username>", authMechanism="GSSAPI", password="<password>", authMechanismProperties="SERVICE_NAME:<authentication service name>, CANONICALIZE_HOST_NAME:true, SERVICE_REALM:<service realm>")
uri = ("mongodb://<percent-encoded username>:<percent-encoded user password>" "@<hostname>:<port>/?" "&authMechanism=GSSAPI" "&authMechanismProperties=" "SERVICE_NAME:<authentication service name>," "CANONICALIZE_HOST_NAME:true," "SERVICE_REALM:<service realm>") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", username="<username>", authMechanism="GSSAPI", password="<password>", authMechanismProperties="SERVICE_NAME:<authentication service name>, CANONICALIZE_HOST_NAME:true, SERVICE_REALM:<service realm>")
uri = ("mongodb://<percent-encoded username>:<percent-encoded user password>" "@<hostname>:<port>/?" "&authMechanism=GSSAPI" "&authMechanismProperties=" "SERVICE_NAME:<authentication service name>," "CANONICALIZE_HOST_NAME:true," "SERVICE_REALM:<service realm>") client = pymongo.AsyncMongoClient(uri)
要学习;了解有关使用Kerberos进行身份验证的更多信息,请参阅 Enterprise Authentication指南中的Kerberos (GSSAPI)。
PLAIN SASL
注意
仅限 MongoDB Enterprise
PLAIN SASL 身份验证仅在 MongoDB Enterprise 中可用。
client = pymongo.MongoClient("mongodb://<hostname>:<port>", username="<username>", password="<password>", authMechanism="PLAIN", tls=True)
uri = ("mongodb://<username>:<password>@<hostname>:<port>/?" "&authMechanism=PLAIN" "&tls=true") client = pymongo.MongoClient(uri)
client = pymongo.AsyncMongoClient("mongodb://<hostname>:<port>", username="<username>", password="<password>", authMechanism="PLAIN", tls=True)
uri = ("mongodb://<username>:<password>@<hostname>:<port>/?" "&authMechanism=PLAIN" "&tls=true") client = pymongo.AsyncMongoClient(uri)
要学习;了解有关使用 PLAIN SASL 进行身份验证的更多信息,请参阅 Enterprise Authentication指南中的LDAP (PLAIN SASL)。
MONGODB-OIDC
注意
仅限 MongoDB Enterprise
MONGODB-OIDC 身份验证仅在 MongoDB Enterprise 中可用。
Azure IMDS
from pymongo import MongoClient # define properties and MongoClient properties = {"ENVIRONMENT": "azure", "TOKEN_RESOURCE": "<audience>"} client = MongoClient( "mongodb[+srv]://<hostname>:<port>", username="<Azure ID>", authMechanism="MONGODB-OIDC", authMechanismProperties=properties )
from pymongo import MongoClient # define URI and MongoClient uri = ("mongodb[+srv]://<hostname>:<port>/?" "username=<username>" "&authMechanism=MONGODB-OIDC" "&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:<percent-encoded audience>") client = MongoClient(uri)
from pymongo import AsyncMongoClient # define properties and MongoClient properties = {"ENVIRONMENT": "azure", "TOKEN_RESOURCE": "<audience>"} client = AsyncMongoClient( "mongodb[+srv]://<hostname>:<port>", username="<Azure ID>", authMechanism="MONGODB-OIDC", authMechanismProperties=properties )
from pymongo import AsyncMongoClient # define URI and MongoClient uri = ("mongodb[+srv]://<hostname>:<port>/?" "username=<username>" "&authMechanism=MONGODB-OIDC" "&authMechanismProperties=ENVIRONMENT:azure,TOKEN_RESOURCE:<percent-encoded audience>") client = AsyncMongoClient(uri)
要了解有关使用 OIDC 进行身份验证的更多信息,请参阅身份验证指南中的Azure IMDS 。
GCP IMDS
from pymongo import MongoClient # define properties and MongoClient properties = {"ENVIRONMENT": "gcp", "TOKEN_RESOURCE": "<audience>"} client = MongoClient( "mongodb[+srv]://<hostname>:<port>", authMechanism="MONGODB-OIDC", authMechanismProperties=properties )
from pymongo import MongoClient # define URI and MongoClient uri = ("mongodb[+srv]://<hostname>:<port>/?" "&authMechanism=MONGODB-OIDC" "&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:<percent-encoded audience>") client = MongoClient(uri)
from pymongo import AsyncMongoClient # define properties and MongoClient properties = {"ENVIRONMENT": "gcp", "TOKEN_RESOURCE": "<audience>"} client = AsyncMongoClient( "mongodb[+srv]://<hostname>:<port>", authMechanism="MONGODB-OIDC", authMechanismProperties=properties )
from pymongo import AsyncMongoClient # define URI and MongoClient uri = ("mongodb[+srv]://<hostname>:<port>/?" "&authMechanism=MONGODB-OIDC" "&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:<percent-encoded audience>") client = AsyncMongoClient(uri)
要学习;了解有关使用 OIDC 进行身份验证的更多信息,请参阅 身份验证指南中的GCP IMDS 。
其他 Azure 环境
from pymongo import MongoClient from azure.identity import DefaultAzureCredential from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult # define callback, properties, and MongoClient audience = "<audience>" client_id = "<Azure ID>" class MyCallback(OIDCCallback): def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult: credential = DefaultAzureCredential(managed_identity_client_id=client_id) token = credential.get_token(f"{audience}/.default").token return OIDCCallbackResult(access_token=token) properties = {"OIDC_CALLBACK": MyCallback()} client = MongoClient( "mongodb[+srv]://<hostname>:<port>", authMechanism="MONGODB-OIDC", authMechanismProperties=properties )
from pymongo import AsyncMongoClient from azure.identity import DefaultAzureCredential from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult # define callback, properties, and MongoClient audience = "<audience>" client_id = "<Azure ID>" class MyCallback(OIDCCallback): def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult: credential = DefaultAzureCredential(managed_identity_client_id=client_id) token = credential.get_token(f"{audience}/.default").token return OIDCCallbackResult(access_token=token) properties = {"OIDC_CALLBACK": MyCallback()} client = AsyncMongoClient( "mongodb[+srv]://<hostname>:<port>", authMechanism="MONGODB-OIDC", authMechanismProperties=properties )
要学习;了解有关使用 OIDC 进行身份验证的更多信息,请参阅身份验证指南中的其他Azure环境。
GCP GKE
from pymongo import MongoClient from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult # define callback, properties, and MongoClient class MyCallback(OIDCCallback): def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult: with open("/var/run/secrets/kubernetes.io/serviceaccount/token") as fid: token = fid.read() return OIDCCallbackResult(access_token=token) properties = {"OIDC_CALLBACK": MyCallback()} client = MongoClient( "mongodb[+srv]://<hostname>:<port>", authMechanism="MONGODB-OIDC", authMechanismProperties=properties )
from pymongo import AsyncMongoClient from pymongo.auth_oidc import OIDCCallback, OIDCCallbackContext, OIDCCallbackResult # define callback, properties, and MongoClient class MyCallback(OIDCCallback): def fetch(self, context: OIDCCallbackContext) -> OIDCCallbackResult: with open("/var/run/secrets/kubernetes.io/serviceaccount/token") as fid: token = fid.read() return OIDCCallbackResult(access_token=token) properties = {"OIDC_CALLBACK": MyCallback()} client = AsyncMongoClient( "mongodb[+srv]://<hostname>:<port>", authMechanism="MONGODB-OIDC", authMechanismProperties=properties )
要了解有关使用 OIDC 进行身份验证的更多信息,请参阅身份验证指南中的GCP GKE 。