DOCSP-39359 - GCP OIDC (#210)

mongoKart · web-flow · commit e456f4f8f326 · 2024-06-12T15:12:07.000-05:00
diff --git a/source/fundamentals/enterprise-authentication.txt b/source/fundamentals/enterprise-authentication.txt
@@ -323,6 +323,56 @@ see the corresponding syntax.
             .WithMechanismProperty("TOKEN_RESOURCE", "<audience>"); 
          var client = new MongoClient(mongoClientSettings);
 
+.. _csharp-mongodb-oidc-gcp-imds:
+
+GCP IMDS
+~~~~~~~~
+
+If your application runs on a Google Compute Engine VM, or otherwise uses the
+`GCP Instance Metadata Service <https://cloud.google.com/compute/docs/metadata/querying-metadata>`__,
+you can authenticate to MongoDB by using the {+driver-short+}'s built-in GCP
+support.
+
+You can specify GCP IMDS OIDC authentication on a ``MongoClientSettings`` object either by 
+using a ``MongoCredential`` object or as part of the connection string. Select the 
+:guilabel:`Connection String` or :guilabel:`MongoCredential` tab to
+see the corresponding syntax.
+
+.. tabs::
+
+   .. tab:: Connection String
+      :tabid: mongodb-gcp-imds-connection-string
+    
+      The following code example shows how to specify GCP IMDS OIDC authentication as
+      part of the authentication string. 
+      Replace the ``<audience>`` placeholder with the
+      value of the ``audience`` parameter configured on your MongoDB deployment. 
+      
+      .. code-block:: csharp
+
+         var connectionString = "mongodb://<hostname>[:<port>]/?" +
+            "authMechanism=MONGODB-OIDC" +
+            "&authMechanismProperties=ENVIRONMENT:gcp,TOKEN_RESOURCE:<audience>");
+         var mongoClientSettings = MongoClientSettings.FromConnectionString(connectionString);
+         var client = new MongoClient(mongoClientSettings);
+
+   .. tab:: MongoCredential
+      :tabid: mongodb-gcp-mongo-credential
+
+      The following code example shows how to specify GCP IMDS OIDC authentication by using
+      a ``MongoCredential`` object.
+      Replace the ``<audience>``
+      placeholder with the value of the ``audience`` parameter configured on your MongoDB
+      deployment. 
+
+      .. code-block:: csharp
+
+         var mongoClientSettings = MongoClientSettings.FromConnectionString(
+            "mongodb+srv://<hostname>[:<port>]");
+         mongoClientSettings.Credential = MongoCredential.CreateOidcCredential("gcp")
+            .WithMechanismProperty("TOKEN_RESOURCE", "<audience>"); 
+         var client = new MongoClient(mongoClientSettings);
+
 Custom Callback
 ~~~~~~~~~~~~~~~
 
