Docs Home / Node.js Driver / Authentication

SCRAM Authentication MechanismsSCRAM身份验证机制

Overview概述

Salted Challenge Response Authentication Mechanism (SCRAM) is a family of authentication mechanisms that use a challenge-response mechanism to authenticate the user. SCRAM-SHA-256, which uses the SHA-256 algorithm to hash your password, is the default authentication mechanism in MongoDB Server version 4.0 and later. SCRAM-SHA-1, which uses the SHA-1 algorithm instead, is the default authentication mechanism in MongoDB Server versions earlier than 4.0.加盐挑战-响应认证机制(SCRAM)是一个使用质询-响应机制对用户进行身份验证的身份验证机制家族。SCRAM-SHA-256使用SHA-256算法对密码进行哈希运算,是MongoDB Server 4.0及更高版本中的默认身份验证机制。SCRAM-SHA-1使用SHA-1算法,是MongoDB Server 4.0之前版本的默认身份验证机制。

You can use SCRAM to authenticate to MongoDB Atlas, MongoDB Enterprise Advanced, and MongoDB Community Edition.您可以使用SCRAM对MongoDB Atlas、MongoDB企业高级版和MongoDB社区版进行身份验证。

Tip

SCRAM Mechanisms机制

To learn more about the SCRAM family of authentication mechanisms, see RFC 5802 and Salted Challenge Response Authentication Mechanism on Wikipedia.要了解有关SCRAM系列身份验证机制的更多信息,请参阅维基百科上的RFC 5802加盐挑战响应身份验证机制

For more information about the MongoDB implementation of SCRAM, see SCRAM in the MongoDB Server manual.有关MongoDB实现SCRAM的更多信息,请参阅MongoDB服务器手册中的SCRAM

Code Placeholders代码占位符

The code examples on this page use the following placeholders:此页面上的代码示例使用以下占位符:

  • <db_username>: The MongoDB username of the user to authenticate.:要进行身份验证的用户的MongoDB用户名。
  • <db_password>: The MongoDB password of the user to authenticate.:要验证的用户的MongoDB密码。
  • <cluster_url>: The network address of your MongoDB deployment.:MongoDB部署的网络地址。

To use the code examples, replace these placeholders with your own values.要使用代码示例,请将这些占位符替换为您自己的值。

Default Authentication Mechanism默认身份验证机制

The DEFAULT authentication mechanism is a fallback setting that instructs the driver to negotiate the first authentication mechanism supported by the server in the following order of preference:DEFAULT身份验证机制是一种回退设置,指示驱动程序按照以下优先顺序协商服务器支持的第一种身份验证机制:

  1. SCRAM-SHA-256
  2. SCRAM-SHA-1
  3. MONGODB-CR

If the DEFAULT option is specified, the driver first attempts to authenticate using SCRAM-SHA-256. If the version of the MongoDB instance does not support that mechanism, the driver attempts to authenticate using SCRAM-SHA-1. 如果指定了DEFAULT选项,驱动程序将首先尝试使用SCRAM-SHA-256进行身份验证。如果MongoDB实例的版本不支持该机制,驱动程序将尝试使用SCRAM-SHA-1进行身份验证。If the instance does not support that mechanism either, the driver attempts to authenticate using MONGODB-CR.如果实例也不支持该机制,驱动程序将尝试使用MONGODB-CR进行身份验证。

You can specify the default authentication mechanism by setting the authMechanism parameter to DEFAULT in the connection string, or by omitting the parameter since it is the default value.您可以通过在连接字符串中将authMechanism参数设置为DEFAULT,或者省略该参数(因为它是默认值)来指定默认身份验证机制。

The following example shows how to set the authentication mechanism to the default by setting authMechanism to DEFAULT in the connection string:以下示例显示了如何通过在连接字符串中将authMechanism设置为DEFAULT来将身份验证机制设置为默认值:

Important

Always URI encode the username and password using the encodeURIComponent method to ensure they are correctly parsed.始终使用encodeURIComponent方法对用户名和密码进行URI编码,以确保它们被正确解析。

const { MongoClient } = require("mongodb");

// Replace the following with values for your environment.将以下内容替换为您的环境值。
const username = encodeURIComponent("<db_username>");
const password = encodeURIComponent("<db_password>");
const clusterUrl = "<cluster_url>";

const authMechanism = "DEFAULT";

// Replace the following with your MongoDB deployment's connection string.将以下内容替换为MongoDB部署的连接字符串。
const uri =
  `mongodb+srv://${username}:${password}@${clusterUrl}/?authMechanism=${authMechanism}`;

// Create a new MongoClient创建一个新的MongoClient
const client = new MongoClient(uri);

// Function to connect to the server连接到服务器的功能
async function run() {
  try {
    // Establish and verify connection建立并验证连接
    await client.db("admin").command({ ping: 1 });
    console.log("Connected successfully to server");
  } finally {
    // Ensures that the client will close when you finish/error确保客户端在您完成/出错时关闭
    await client.close();
  }
}
run().catch(console.dir);

To learn more about the SCRAM version that MongoDB supports, see the SCRAM section of the MongoDB Server manual.要了解有关MongoDB支持的SCRAM版本的更多信息,请参阅MongoDB服务器手册的SCRAM部分。

SCRAM-SHA-256

Note

SCRAM-SHA-256 is the default authentication method for MongoDB starting in version 4.0是MongoDB 4.0版本开始的默认身份验证方法

SCRAM-SHA-256 is a SCRAM version that uses your username and password, encrypted with the SHA-256 algorithm to authenticate your user.是一个SCRAM版本,使用您的用户名和密码,用SHA-256算法加密以验证您的用户身份。

You can specify this authentication mechanism by setting the authMechanism to the value SCRAM-SHA-256 in the connection string as shown in the following sample code.您可以通过将authMechanism设置为连接字符串中的值SCRAM-SHA-256来指定此身份验证机制,如以下示例代码所示。

Important

Always URI encode the username and password using the encodeURIComponent method to ensure they are correctly parsed.始终使用encodeURIComponent方法对用户名和密码进行URI编码,以确保它们被正确解析。

const { MongoClient } = require("mongodb");

// Replace the following with values for your environment.将以下内容替换为您的环境值。
const username = encodeURIComponent("<db_username>");
const password = encodeURIComponent("<db_password>");
const clusterUrl = "<cluster_url>";

const authMechanism = "SCRAM-SHA-256";

// Replace the following with your MongoDB deployment's connection string.将以下内容替换为MongoDB部署的连接字符串。
const uri =
  `mongodb+srv://${username}:${password}@${clusterUrl}/?authMechanism=${authMechanism}`;

// Create a new MongoClient创建一个新的MongoClient
const client = new MongoClient(uri);

// Function to connect to the server连接到服务器的功能
async function run() {
  try {
    // Establish and verify connection建立并验证连接
    await client.db("admin").command({ ping: 1 });
    console.log("Connected successfully to server");
  } finally {
    // Ensures that the client will close when you finish/error确保客户端在您完成/出错时关闭
    await client.close();
  }
}
run().catch(console.dir);

SCRAM-SHA-1

Note

SCRAM-SHA-1 is the default authentication method for MongoDB versions 3.0, 3.2, 3.4, and 3.6.是MongoDB 3.0、3.2、3.4和3.6版本的默认身份验证方法。

SCRAM-SHA-1 is a SCRAM version that uses your username and password, encrypted with the SHA-1 algorithm to authenticate your user.SCRAM-SHA-1是一个SCRAM版本,它使用您的用户名和密码,用SHA-1算法加密以验证您的用户身份。

You can specify this authentication mechanism by setting the authMechanism parameter to the value SCRAM-SHA-1 in the connection string as shown in the following sample code.您可以通过将authMechanism参数设置为连接字符串中的值SCRAM-SHA-1来指定此身份验证机制,如以下示例代码所示。

Important

Always URI encode the username and password using the encodeURIComponent method to ensure they are correctly parsed.始终使用encodeURIComponent方法对用户名和密码进行URI编码,以确保它们被正确解析。

const { MongoClient } = require("mongodb");

// Replace the following with values for your environment.将以下内容替换为您的环境值。
const username = encodeURIComponent("<db_username>");
const password = encodeURIComponent("<db_password>");
const clusterUrl = "<cluster_url>";

const authMechanism = "SCRAM-SHA-1";

// Replace the following with your MongoDB deployment's connection string.将以下内容替换为MongoDB部署的连接字符串。
const uri =
  `mongodb+srv://${username}:${password}@${clusterUrl}/?authMechanism=${authMechanism}`;

// Create a new MongoClient创建一个新的MongoClient
const client = new MongoClient(uri);

// Function to connect to the server连接到服务器的功能
async function run() {
  try {
    // Establish and verify connection建立并验证连接
    await client.db("admin").command({ ping: 1 });
    console.log("Connected successfully to server");
  } finally {
    // Ensures that the client will close when you finish/error确保客户端在您完成/出错时关闭
    await client.close();
  }
}
run().catch(console.dir);

API Documentation文档

To learn more about any of the methods or types discussed on this page, see the following API documentation:要了解有关本页中讨论的任何方法或类型的更多信息,请参阅以下API文档: