firebase
diff --git a/‎example/firestore/lib/main.dart‎
Lines changed: 29 additions & 0 deletions b/‎example/firestore/lib/main.dart‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎example/firestore_test/lib/main.dart‎
Lines changed: 28 additions & 0 deletions b/‎example/firestore_test/lib/main.dart‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎lib/builder.dart‎
Lines changed: 4 additions & 0 deletions b/‎lib/builder.dart‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎lib/src/builder/manifest.dart‎
Lines changed: 8 additions & 0 deletions b/‎lib/src/builder/manifest.dart‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎lib/src/firestore/event.dart‎
Lines changed: 93 additions & 0 deletions b/‎lib/src/firestore/event.dart‎
Lines changed: 93 additions & 0 deletions
@@ -48,6 +48,35 @@ void main(List<String> args) async {
       }
     });
 
+    // Firestore WithAuthContext trigger examples
+    // These variants include authentication context identifying
+    // the principal that triggered the Firestore write.
+    firebase.firestore.onDocumentCreatedWithAuthContext(
+      document: 'orders/{orderId}',
+      (event) async {
+        print('Document created by: ${event.authType} (${event.authId})');
+        final data = event.data?.data();
+        print('  Order: ${data?['product']}');
+        print('  Params: ${event.params}');
+      },
+    );
+
+    firebase.firestore.onDocumentWrittenWithAuthContext(
+      document: 'orders/{orderId}',
+      (event) async {
+        print('Document written by: ${event.authType} (${event.authId})');
+        final before = event.data?.before;
+        final after = event.data?.after;
+        if (before == null || !before.exists) {
+          print('  Operation: CREATE');
+        } else if (after == null || !after.exists) {
+          print('  Operation: DELETE');
+        } else {
+          print('  Operation: UPDATE');
+        }
+      },
+    );
+
     // Nested collection trigger example
     firebase.firestore.onDocumentCreated(
       document: 'posts/{postId}/comments/{commentId}',
 
@@ -87,6 +87,34 @@ void main(List<String> args) async {
       }
     });
 
+    // Test onDocumentCreatedWithAuthContext
+    firebase.firestore.onDocumentCreatedWithAuthContext(
+      document: 'orders/{orderId}',
+      (event) async {
+        print('=== ORDER CREATED WITH AUTH CONTEXT ===');
+        print('Order created: ${event.document}');
+        print('Auth type: ${event.authType}');
+        print('Auth ID: ${event.authId}');
+        print('Params: ${event.params}');
+
+        if (event.data != null) {
+          final data = event.data!.data();
+          print('Order data: $data');
+        }
+      },
+    );
+
+    // Test onDocumentWrittenWithAuthContext
+    firebase.firestore.onDocumentWrittenWithAuthContext(
+      document: 'orders/{orderId}',
+      (event) async {
+        print('=== ORDER WRITTEN WITH AUTH CONTEXT ===');
+        print('Order written: ${event.document}');
+        print('Auth type: ${event.authType}');
+        print('Auth ID: ${event.authId}');
+      },
+    );
+
     // Test onDocumentWritten (catches all operations)
     firebase.firestore.onDocumentWritten(document: 'users/{userId}', (
       event,
 
@@ -117,6 +117,10 @@ class _FirebaseFunctionsVisitor extends RecursiveAstVisitor<void> {
           'onDocumentUpdated',
           'onDocumentDeleted',
           'onDocumentWritten',
+          'onDocumentCreatedWithAuthContext',
+          'onDocumentUpdatedWithAuthContext',
+          'onDocumentDeletedWithAuthContext',
+          'onDocumentWrittenWithAuthContext',
         ],
       ),
       _Namespace(
 
@@ -414,6 +414,14 @@ String _mapFirestoreEventType(String methodName) => switch (methodName) {
   'onDocumentUpdated' => 'google.cloud.firestore.document.v1.updated',
   'onDocumentDeleted' => 'google.cloud.firestore.document.v1.deleted',
   'onDocumentWritten' => 'google.cloud.firestore.document.v1.written',
+  'onDocumentCreatedWithAuthContext' =>
+    'google.cloud.firestore.document.v1.created.withAuthContext',
+  'onDocumentUpdatedWithAuthContext' =>
+    'google.cloud.firestore.document.v1.updated.withAuthContext',
+  'onDocumentDeletedWithAuthContext' =>
+    'google.cloud.firestore.document.v1.deleted.withAuthContext',
+  'onDocumentWrittenWithAuthContext' =>
+    'google.cloud.firestore.document.v1.written.withAuthContext',
   _ => throw ArgumentError('Unknown Firestore event type: $methodName'),
 };
 
 
@@ -1,5 +1,43 @@
 import '../common/cloud_event.dart';
 
+/// The type of principal that triggered the event.
+///
+/// Matches the Node.js SDK's `AuthType` type.
+enum AuthType {
+  /// A non-user principal used to identify a workload or machine user.
+  serviceAccount('service_account'),
+
+  /// A non-user client API key.
+  apiKey('api_key'),
+
+  /// An obscured identity used when Cloud Platform or another system
+  /// triggered the event (e.g., TTL-based database deletion).
+  system('system'),
+
+  /// An unauthenticated action.
+  unauthenticated('unauthenticated'),
+
+  /// A general type to capture all other principals not captured
+  /// in other auth types.
+  unknown('unknown');
+
+  const AuthType(this.value);
+
+  /// The wire value as sent in CloudEvent headers.
+  final String value;
+
+  /// Parses an [AuthType] from the wire value string.
+  ///
+  /// Returns [AuthType.unknown] if the value is not recognized.
+  static AuthType fromString(String value) => switch (value) {
+    'service_account' => AuthType.serviceAccount,
+    'api_key' => AuthType.apiKey,
+    'system' => AuthType.system,
+    'unauthenticated' => AuthType.unauthenticated,
+    _ => AuthType.unknown,
+  };
+}
+
 /// A CloudEvent that contains a DocumentSnapshot or a `Change<DocumentSnapshot>`.
 ///
 /// This event type extends the base [CloudEvent] with Firestore-specific fields.
@@ -93,3 +131,58 @@ class FirestoreEvent<T extends Object?> extends CloudEvent<T> {
     return json;
   }
 }
+
+/// A [FirestoreEvent] that includes authentication context.
+///
+/// This event type is used by the `WithAuthContext` trigger variants
+/// (e.g., [FirestoreNamespace.onDocumentCreatedWithAuthContext]).
+///
+/// The auth context identifies which principal triggered the Firestore write.
+/// Note: this is different from HTTPS callable auth — it identifies the
+/// principal type (service account, API key, etc.), not a Firebase Auth user.
+///
+/// Example:
+/// ```dart
+/// firebase.firestore.onDocumentCreatedWithAuthContext(
+///   document: 'users/{userId}',
+///   (event) async {
+///     print('Auth type: ${event.authType}');
+///     print('Auth ID: ${event.authId}');
+///   },
+/// );
+/// ```
+class FirestoreAuthEvent<T extends Object?> extends FirestoreEvent<T> {
+  const FirestoreAuthEvent({
+    super.data,
+    required super.id,
+    required super.source,
+    required super.specversion,
+    super.subject,
+    required super.time,
+    required super.type,
+    required super.location,
+    required super.project,
+    required super.database,
+    required super.namespace,
+    required super.document,
+    required super.params,
+    required this.authType,
+    this.authId,
+  });
+
+  /// The type of principal that triggered the event.
+  final AuthType authType;
+
+  /// The unique identifier for the principal.
+  ///
+  /// May be `null` for system-triggered or unauthenticated events.
+  final String? authId;
+
+  @override
+  Map<String, dynamic> toJson(Map<String, dynamic> Function(T) dataEncoder) {
+    final json = super.toJson(dataEncoder);
+    json['authType'] = authType.value;
+    if (authId != null) json['authId'] = authId;
+    return json;
+  }
+}