Article For
2.0 2.5 3.0 3.5 4.0 4.1 4.2 5.0 5.1 5.2 5.3

Authentication bundle

With the Authentication bundle we can use OAuth for authentication.


In the appSettings of the RavenDB configuration file add the line:

<add key="Raven/AuthenticationMode" value="OAuth"/>

After that put the Raven.Bundles.Authentication.dll file in the server's Plugins directory and then run the server.
Once done you can use OAuth for authentication.

Adding users

In order to add a user we can use the following code:

using(var session = documentStore.OpenSession())
    session.Store(new AuthenticationUser
        Name = "Ayende",
        Id = "Raven/Users/Ayende",
        AllowedDatabases = new[] {"*"}

If no users are found on the database a user "admin" will be created with an auto generated password. This data can be viewed in the "authentication.config" file.

How to authenticate

In order to authenticate we configure our documentStore:

documentStore.Credentials = new NetworkCredential("userName", "password");

We can also use ConnectionStringName:

new DocumentStore { 


Related server configuration options:

  • Raven/AuthenticationMode - can be 'windows' (default) or 'oauth'
  • Raven/OAuthTokenServer - if the oauth mode is selected, will instruct connecting clients about the OAuthTokenServer, default is the local endpoint inside ravendb
  • Raven/OAuthTokenCertificatePath - the certificate to use when verifying the token signature, allows you to collaborate with external oauth servers. Default to creating a new certificate every time the server restarts
  • Raven/OAuthTokenCertificatePassword - password for the certificate

3rd party OAuth server

In order to user a 3rd party server we need to specify that server in the Raven/OAuthTokenServer and make sure that the server will return an Access Token created with the same Certificate as our server in string format.


var token = AccessToken.Create(CertificatePath, userId,