Join us at MongoDB.local London on 7 May to unlock new possibilities for your data. Use WEB50 to save 50%.
Register now >
Docs Menu
Docs Home
/ /
Authentication
Docs Home
/ /
Rust Driver
/
Authentication
Docs Home
/
Client Libraries
/
Rust
/
Rust Driver
/
Authentication

SCRAM

Overview

Salted Challenge Response Authentication Mechanism (SCRAM) is a family of authentication mechanisms that use a username and password to authenticate to a server.

The Rust driver supports the following SCRAM-based authentication mechanisms:

  • SCRAM-SHA-256: An authentication mechanism that uses your database username and password, encrypted with the SHA-256 algorithm. This is the default authentication mechanism.

  • SCRAM-SHA-1: An authentication mechanism that uses your database username and password, encrypted with the SHA-1 algorithm.

You can use SCRAM to authenticate to MongoDB Atlas, MongoDB Enterprise Advanced, and MongoDB Community Edition.

Tip

SCRAM Mechanisms

To learn more about the SCRAM family of authentication mechanisms, see RFC 5802 and Salted Challenge Response Authentication Mechanism on Wikipedia.

For more information about the MongoDB implementation of SCRAM, see SCRAM in the MongoDB Server manual.

Code Placeholders

The code examples on this page use the following placeholders:

  • db_username: Your database username

  • db_password: Your database password

  • db: The authentication database associated with the user

SCRAM-SHA-256

Since SCRAM-SHA-256 is the default authentication mechanism, you can omit the mechanism field when you instantiate your Credential struct to use this mechanism.

The following example specifies the default authentication mechanism:

let uri = "<connection string>";
let mut client_options = ClientOptions::parse(uri).await?;
let default_cred = Credential::builder()
    .username("<db_username>".to_string())
    .password("<db_password>".to_string())
    .source("<db>".to_string())
    .build();
client_options.credential = Some(default_cred);
let client = Client::with_options(client_options)?;

To explicitly specify the SCRAM-SHA-256 authentication mechanism, set the mechanism field of your Credential struct to AuthMechanism::ScramSha256:

let uri = "<connection string>";
let mut client_options = ClientOptions::parse(uri).await?;
let scram_sha_256_cred = Credential::builder()
    .username("<db_username>".to_string())
    .password("<db_password>".to_string())
    .mechanism(AuthMechanism::ScramSha256)
    .source("<db>".to_string())
    .build();
client_options.credential = Some(scram_sha_256_cred);
let client = Client::with_options(client_options)?;

SCRAM-SHA-1

To specify the SCRAM-SHA-1 authentication mechanism, set the mechanism field of your Credential struct to AuthMechanism::ScramSha1:

let uri = "<connection string>";
let mut client_options = ClientOptions::parse(uri).await?;
let scram_sha_1_cred = Credential::builder()
    .username("<db_username>".to_string())
    .password("<db_password>".to_string())
    .mechanism(AuthMechanism::ScramSha1)
    .source("<db>".to_string())
    .build();
client_options.credential = Some(scram_sha_1_cred);
let client = Client::with_options(client_options)?;

Additional Information

To learn more about authenticating to MongoDB, see Authentication in the Server manual.

To learn more about managing users of your MongoDB deployment, see Users in the Server manual.

API Documentation

To learn more about the methods and types mentioned in this guide, see the following API documentation:

Back

Authentication

Next

X.509

On this page