DRIVERS-2601 Fix API description for GCP built-in OIDC provider (#1567)

mongodb · Apr 23, 2024 · 39f8532 · 39f8532
1 parent e62b205
commit 39f8532
Showing 1 changed file with 5 additions and 16 deletions.
diff --git a/source/auth/auth.md b/source/auth/auth.md
@@ -1349,7 +1349,6 @@ http://metadata/computeMetadata/v1/instance/service-accounts/default/identity?au
 with headers
 
 ```
-Accept: application/json
 Metadata-Flavor: Google
 ```
 
@@ -1360,27 +1359,15 @@ Example code for the above using curl, where `$TOKEN_RESOURCE` is the value of t
 
 ```bash
 curl -X GET \
- -H "Accept: application/json" \
  -H "Metadata-Flavor: Google" \
  --max-time $CALLBACK_TIMEOUT_MS \
  "http://metadata/computeMetadata/v1/instance/service-accounts/default/identity?audience=$TOKEN_RESOURCE"
 ```
 
-The JSON response will be in this format:
+The response body will be the access token itself.
 
-```json
-{
- "aud": "https://example.com",
- "azp": "118153013249117554930",
- "exp": 1707488566,
- "iat": 1707484966,
- "iss": "https://accounts.google.com",
- "sub": "118153013249117554930"
-}
-```
-
-The driver MUST use the returned `"access_token"` value as the access token in a `JwtStepRequest`. If the response does
-not return a status code of 200, the driver MUST raise an error including the HTTP response body.
+The driver MUST use the returned value as the access token in a `JwtStepRequest`. If the response does not return a
+status code of 200, the driver MUST raise an error including the HTTP response body.
 
 For more details, see [View and query VM metadata](https://cloud.google.com/compute/docs/metadata/querying-metadata).
 
@@ -2057,6 +2044,8 @@ to EC2 instance metadata in ECS, for security reasons, Amazon states it's best p
 
 ## Changelog
 
+- 2024-04-22: Fix API description for GCP built-in OIDC provider.
+
 - 2024-04-22: Updated OIDC authentication flow and prose tests.
 
 - 2024-04-22: Clarify that driver should not validate `saslSupportedMechs` content.