diff --git a/spec/v2/providers/database.spec.ts b/spec/v2/providers/database.spec.ts
index 9eabf61ca..bd0a10b39 100644
--- a/spec/v2/providers/database.spec.ts
+++ b/spec/v2/providers/database.spec.ts
@@ -42,6 +42,8 @@ const RAW_RTDB_EVENT: database.RawRTDBCloudEvent = {
   specversion: "1.0",
   time: "time",
   type: "type",
+  authid: "uid",
+  authtype: "unauthenticated",
 };
 
 describe("database", () => {
@@ -461,6 +463,19 @@ describe("database", () => {
       await database.onValueWritten("path", () => null)(event);
       expect(hello).to.equal("world");
     });
+
+    it("should pass auth context into the event", async () => {
+      const raw = {
+        ...RAW_RTDB_EVENT,
+      };
+
+      const func = database.onValueWritten("foo/bar", (event) => {
+        expect(event.authid).to.equal("uid");
+        expect(event.authtype).to.equal("unauthenticated");
+      });
+
+      await func(raw);
+    });
   });
 
   describe("onValueCreated", () => {
diff --git a/src/v2/providers/database.ts b/src/v2/providers/database.ts
index c85f01172..561b38680 100644
--- a/src/v2/providers/database.ts
+++ b/src/v2/providers/database.ts
@@ -63,8 +63,19 @@ export interface RawRTDBCloudEvent extends CloudEvent<RawRTDBCloudEventData> {
   instance: string;
   ref: string;
   location: string;
+  authtype: AuthType;
+  authid?: string;
 }
 
+/**
+ * AuthType defines the possible values for the authType field in a Realtime Database event.
+ * - app_user: an end user of an application..
+ * - admin: an admin user of an application. In the context of impersonate endpoints used by the admin SDK, the impersonator.
+ * - unauthenticated: no credentials were used to authenticate the change that triggered the occurrence.
+ * - unknown: a general type to capture all other principals not captured in the other auth types.
+ */
+export type AuthType = "app_user" | "admin" | "unauthenticated" | "unknown";
+
 /** A CloudEvent that contains a DataSnapshot or a Change<DataSnapshot> */
 export interface DatabaseEvent<T, Params = Record<string, string>> extends CloudEvent<T> {
   /** The domain of the database instance */
@@ -80,6 +91,14 @@ export interface DatabaseEvent<T, Params = Record<string, string>> extends Cloud
    * Only named capture groups will be populated - {key}, {key=*}, {key=**}
    */
   params: Params;
+  /**
+   * The type of principal that triggered the event.
+   */
+  authtype: AuthType;
+  /**
+   * The unique identifier of the principal.
+   */
+  authid?: string;
 }
 
 /** ReferenceOptions extend EventHandlerOptions with provided ref and optional instance  */
@@ -384,6 +403,8 @@ function makeDatabaseEvent<Params>(
     firebaseDatabaseHost: event.firebasedatabasehost,
     data: snapshot,
     params,
+    authtype: event.authtype,
+    authid: event.authid,
   };
   delete (databaseEvent as any).firebasedatabasehost;
   return databaseEvent;