Jeeri

Reputation: 504

How does the mongo client know which authMechanism to use when not specified in config?

We recently migrated our DB to Mongo 4.0. We created a new user for the application and SCRAM-SHA-256 is enabled from the DB side. To my surprise, the existing mongo driver we are using, 3.8.2, is working fine without any changes in the config from the application side; I haven't specified the authMechanism param in the config. How does the client know the authentication mechanism?

My understanding is that the default mechanism, SCRAM-SHA-1, will be considered and authentication should fail. I checked the code and I couldn't find how it is working. From some blogs I identified that isMaster will be called using saslSupportedMechs, which will provide the supported SASL mechanisms. Is my understanding right? Where can I find this code in the vertx mongo client?

Mongo connection string:

mongoConnectionJson = new JsonObject().put("connection_string", "mongodb://testhost:6005")
                .put("db_name", "test_db")
                .put("username", "test_sha-256")
                .put("password", "test_sha-256")
                .put("authSource", "test_db");

Upvotes: 0

Views: 2590

Answers (1)

D. SM

Reputation: 14480

The default auth mechanism selection may in theory differ from one driver to another but should be similar to the description here for the Ruby driver:

  • For MongoDB 4.0 and higher, the client performs SCRAM mechanism negotiation with the server. If the user specified in client configuration permits authentication with SCRAM-SHA-256, then SCRAM-SHA-256 is used for authentication. Otherwise SCRAM-SHA-1 is used.
  • For MongoDB 3.0 through 3.6, SCRAM-SHA-1 is used.
  • For MongoDB 2.6, MONGODB-CR is used.

Upvotes: 1
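The selection rules listed in the answer, written out as an added example that is not part of the original answer and is not code from the MongoDB Java driver or the Vert.x Mongo client. The class and method names are hypothetical, the replies are constructed samples, and the wire-version cut-off (3 for MongoDB 3.0) is how the server version is assumed to be read from the isMaster reply:

```java
import java.util.List;
import java.util.Map;

// Hypothetical model of default auth-mechanism selection; not driver code.
public class DefaultMechanism {

    // Value sent in the handshake field saslSupportedMechs: "<authSource>.<username>".
    static String handshakeUser(String authSource, String username) {
        return authSource + "." + username;
    }

    // reply: the server's isMaster reply, reduced to the two fields used here.
    @SuppressWarnings("unchecked")
    static String choose(Map<String, Object> reply) {
        Object mechs = reply.get("saslSupportedMechs");
        if (mechs instanceof List) {
            // MongoDB 4.0+: the server lists the mechanisms this user can use.
            return ((List<String>) mechs).contains("SCRAM-SHA-256")
                    ? "SCRAM-SHA-256" : "SCRAM-SHA-1";
        }
        // No negotiation data in the reply: decide from the server version.
        int maxWireVersion = (Integer) reply.getOrDefault("maxWireVersion", 0);
        return maxWireVersion >= 3 ? "SCRAM-SHA-1" : "MONGODB-CR";
    }

    public static void main(String[] args) {
        // Names taken from the question's config: authSource and username.
        System.out.println("asks about: " + handshakeUser("test_db", "test_sha-256"));

        // Constructed sample replies, not captured from a real server.
        Map<String, Object> v40BothMechs = Map.of("maxWireVersion", 7,
                "saslSupportedMechs", List.of("SCRAM-SHA-1", "SCRAM-SHA-256"));
        Map<String, Object> v40Sha1Only = Map.of("maxWireVersion", 7,
                "saslSupportedMechs", List.of("SCRAM-SHA-1"));
        Map<String, Object> v36 = Map.of("maxWireVersion", 6);
        Map<String, Object> v26 = Map.of("maxWireVersion", 2);

        System.out.println("4.0, user has both:   " + choose(v40BothMechs));
        System.out.println("4.0, SHA-1 user only: " + choose(v40Sha1Only));
        System.out.println("3.6:                  " + choose(v36));
        System.out.println("2.6:                  " + choose(v26));
    }
}
```

An explicitly configured authMechanism takes the place of this default selection, so pinning SCRAM-SHA-256 in the client config prevents a silent fallback to SCRAM-SHA-1.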
