I’m trying to migrate a rails application from heroku to render. I’ve added the corresponding .env file, linked it and everything seems to be working fine. Anyhow, when I run my application, I get a Mongo::Auth::Unauthorized error, telling me that the given user is not authorized to access the given collection. I’ve used exactly the same mongoDB Atlas connection string as on heroku, when I try to use it locally it works as well, only on render it doesn’t. I don’t have any special settings on the MongoDB Atlas side, so the authentication should work fine.
I’ve been doing some research on this and I’m also able to duplicate the problem. I have a skeleton Rails app working which connects to MongoDB Atlas but when I deploy it to us I see an authentication error:
W, [2021-07-27T15:33:32.067071 #144] WARN -- : MONGODB | Failed to authenticate to cluster0-shard-00-02.s0icl.mongodb.net:27017: Mongo::Auth::Unauthorized: User dbuser (mechanism: scram) is not authorized to access myFirstDatabase (auth source: myFirstDatabase, used mechanism: SCRAM-SHA-1, used server: cluster0-shard-00-02.s0icl.mongodb.net:27017 (PRIMARY)): [8000:AtlasError]: bad auth : Authentication failed.
I’ve tried with a different user/password but no success so I’m in touch with MongoDB to figure out what’s going on here.
TLDR: appending &authSource=admin to your connection string authenticates successfully
I’ve had some back and forth with MongoDB support, they suggested that I try using a mongo:// connection string that they provided me and that did indeed work.
However, I then went back to the mongodb+srv:// string and tried appending some of the attributes they had specified and found that &authSource=admin seems to be the one that let’s the connection work.
It does seem odd as exactly the same code deployed to Heroku (as you’ve found) works fine without it, I deployed the same app to DigitalOcean apps and it also failed in the same way without authSource so it’s not just isolated to running on Render. I’ve gone back to MongoDB to see if they can suggest any reason for this behaviour.
indeed, authSource=admin solves the issue for me as well. Looking at MongoDB docs, that parameters enables access control: https://docs.mongodb.com/manual/tutorial/enable-authentication/
Weired behaviour as I would assume, that access control is enabled anyhow when passing user:pwd in the connection string and having corresponding settings set in the Atlas cluster.