Docs Menu
Docs Home
/
Languages
/
Go
/
Go Driver
/
Security
/
Authentication

SCRAM Authentication Mechanism

Overview

Salted Challenge Response Authentication Mechanism (SCRAM) is a family of authentication mechanisms that use a challenge-response mechanism to authenticate the user. SCRAM-SHA-256, which uses the SHA-256 algorithm to hash your password, is the default authentication mechanism.

You can use SCRAM to authenticate to MongoDB Atlas, MongoDB Enterprise Advanced, and MongoDB Community Edition.

Tip

SCRAM Mechanisms

To learn more about the SCRAM family of authentication mechanisms, see RFC 5802 and Salted Challenge Response Authentication Mechanism on Wikipedia.

For more information about the MongoDB implementation of SCRAM, see SCRAM in the MongoDB Server manual.

Code Placeholders

Each authentication mechanism contains the following placeholders:

  • db_username - Your MongoDB database username

  • db_password - Your MongoDB database user's password

  • hostname - Your MongoDB servers network address, accessible by your client

  • port - Your MongoDB servers port number

  • authenticationDb - Your MongoDB database that contains the user's authentication data. If you omit this option, the driver uses the default value admin.

Specify SCRAM-SHA-256 Authentication

SCRAM-SHA-256 is a salted challenge-response authentication mechanism (SCRAM) that uses your database username and password, encrypted with the SHA-256 algorithm, to authenticate your user. SCRAM-SHA-256 is the default authentication mechanism.

To specify the default authentication mechanism, omit the AuthMechanism option:

credential := options.Credential{
   AuthSource: "<authenticationDb>",
   Username: "<db_username>",
   Password: "<db_password>",
}
clientOpts := options.Client().ApplyURI("mongodb://<hostname>:<port>").
   SetAuth(credential)
client, err := mongo.Connect(clientOpts)

To explicitly specify the SCRAM-SHA-256 authentication mechanism, assign the AuthMechanism option the value "SCRAM-SHA-256":

credential := options.Credential{
   AuthMechanism: "SCRAM-SHA-256",
   AuthSource: "<authenticationDb>",
   Username: "<db_username>",
   Password: "<db_password>",
}
clientOpts := options.Client().ApplyURI("mongodb://<hostname>:<port>").
   SetAuth(credential)
client, err := mongo.Connect(clientOpts)

API Documentation

To learn more about any of the methods or types discussed on this page, see the following API documentation:

Back

Authentication

Next

X.509

On this page