diff --git a/CHANGELOG.md b/CHANGELOG.md
index e69de29bb..fdbf13bda 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1 @@
+- Add new 2nd gen Firestore auth context triggers. (#1519)
diff --git a/package-lock.json b/package-lock.json
index 6a51af0a1..9f23b098b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -13,7 +13,6 @@
         "@types/express": "4.17.3",
         "cors": "^2.8.5",
         "express": "^4.17.1",
-        "node-fetch": "^2.6.7",
         "protobufjs": "^7.2.2"
       },
       "bin": {
diff --git a/spec/v2/providers/firestore.spec.ts b/spec/v2/providers/firestore.spec.ts
index e672703a6..e5406bdb3 100644
--- a/spec/v2/providers/firestore.spec.ts
+++ b/spec/v2/providers/firestore.spec.ts
@@ -84,6 +84,15 @@ function makeEvent(data?: any): firestore.RawFirestoreEvent {
   } as firestore.RawFirestoreEvent;
 }
 
+function makeAuthEvent(data?: any): firestore.RawFirestoreAuthEvent {
+  return {
+    ...eventBase,
+    data,
+    authid: "userId",
+    authtype: "unknown",
+  } as firestore.RawFirestoreAuthEvent;
+}
+
 const createdData = {
   value: {
     fields: {
@@ -511,6 +520,262 @@ describe("firestore", () => {
     });
   });
 
+  describe("onDocumentWrittenWithAuthContext", () => {
+    it("should create a func", () => {
+      const expectedEp = makeExpectedEp(
+        firestore.writtenEventWithAuthContextType,
+        {
+          database: "(default)",
+          namespace: "(default)",
+        },
+        {
+          document: "foo/{bar}",
+        }
+      );
+
+      const func = firestore.onDocumentWrittenWithAuthContext("foo/{bar}", () => 2);
+
+      expect(func.run(true as any)).to.eq(2);
+      expect(func.__endpoint).to.deep.eq(expectedEp);
+    });
+
+    it("should create a func with opts", () => {
+      const expectedEp = makeExpectedEp(
+        firestore.writtenEventWithAuthContextType,
+        {
+          database: "my-db",
+          namespace: "my-ns",
+        },
+        {
+          document: "foo/{bar}",
+        }
+      );
+      expectedEp["region"] = ["us-central1"];
+
+      const func = firestore.onDocumentWrittenWithAuthContext(
+        {
+          region: "us-central1",
+          document: "foo/{bar}",
+          database: "my-db",
+          namespace: "my-ns",
+        },
+        () => 2
+      );
+
+      expect(func.run(true as any)).to.eq(2);
+      expect(func.__endpoint).to.deep.eq(expectedEp);
+    });
+
+    it("calls init function", async () => {
+      const event: firestore.RawFirestoreEvent = {
+        ...eventBase,
+        datacontenttype: "application/json",
+        data: {
+          oldValue: null,
+          value: null,
+        },
+      };
+
+      let hello;
+      onInit(() => (hello = "world"));
+      expect(hello).to.be.undefined;
+      await firestore.onDocumentWrittenWithAuthContext("path", () => null)(event);
+      expect(hello).to.equal("world");
+    });
+  });
+
+  describe("onDocumentCreatedWithAuthContext", () => {
+    it("should create a func", () => {
+      const expectedEp = makeExpectedEp(
+        firestore.createdEventWithAuthContextType,
+        {
+          database: "(default)",
+          namespace: "(default)",
+        },
+        {
+          document: "foo/{bar}",
+        }
+      );
+
+      const func = firestore.onDocumentCreatedWithAuthContext("foo/{bar}", () => 2);
+
+      expect(func.run(true as any)).to.eq(2);
+      expect(func.__endpoint).to.deep.eq(expectedEp);
+    });
+
+    it("should create a func with opts", () => {
+      const expectedEp = makeExpectedEp(
+        firestore.createdEventWithAuthContextType,
+        {
+          database: "my-db",
+          namespace: "my-ns",
+        },
+        {
+          document: "foo/{bar}",
+        }
+      );
+      expectedEp["region"] = ["us-central1"];
+
+      const func = firestore.onDocumentCreatedWithAuthContext(
+        {
+          region: "us-central1",
+          document: "foo/{bar}",
+          database: "my-db",
+          namespace: "my-ns",
+        },
+        () => 2
+      );
+
+      expect(func.run(true as any)).to.eq(2);
+      expect(func.__endpoint).to.deep.eq(expectedEp);
+    });
+
+    it("calls init function", async () => {
+      const event: firestore.RawFirestoreEvent = {
+        ...eventBase,
+        datacontenttype: "application/json",
+        data: {
+          oldValue: null,
+          value: null,
+        },
+      };
+
+      let hello;
+      onInit(() => (hello = "world"));
+      expect(hello).to.be.undefined;
+      await firestore.onDocumentCreatedWithAuthContext("path", () => null)(event);
+      expect(hello).to.equal("world");
+    });
+  });
+
+  describe("onDocumentUpdatedWithAuthContext", () => {
+    it("should create a func", () => {
+      const expectedEp = makeExpectedEp(
+        firestore.updatedEventWithAuthContextType,
+        {
+          database: "(default)",
+          namespace: "(default)",
+        },
+        {
+          document: "foo/{bar}",
+        }
+      );
+
+      const func = firestore.onDocumentUpdatedWithAuthContext("foo/{bar}", () => 2);
+
+      expect(func.run(true as any)).to.eq(2);
+      expect(func.__endpoint).to.deep.eq(expectedEp);
+    });
+
+    it("should create a func with opts", () => {
+      const expectedEp = makeExpectedEp(
+        firestore.updatedEventWithAuthContextType,
+        {
+          database: "my-db",
+          namespace: "my-ns",
+        },
+        {
+          document: "foo/{bar}",
+        }
+      );
+      expectedEp["region"] = ["us-central1"];
+
+      const func = firestore.onDocumentUpdatedWithAuthContext(
+        {
+          region: "us-central1",
+          document: "foo/{bar}",
+          database: "my-db",
+          namespace: "my-ns",
+        },
+        () => 2
+      );
+
+      expect(func.run(true as any)).to.eq(2);
+      expect(func.__endpoint).to.deep.eq(expectedEp);
+    });
+
+    it("calls init function", async () => {
+      const event: firestore.RawFirestoreEvent = {
+        ...eventBase,
+        datacontenttype: "application/json",
+        data: {
+          oldValue: null,
+          value: null,
+        },
+      };
+
+      let hello;
+      onInit(() => (hello = "world"));
+      expect(hello).to.be.undefined;
+      await firestore.onDocumentUpdatedWithAuthContext("path", () => null)(event);
+      expect(hello).to.equal("world");
+    });
+  });
+
+  describe("onDocumentDeletedWithAuthContext", () => {
+    it("should create a func", () => {
+      const expectedEp = makeExpectedEp(
+        firestore.deletedEventWithAuthContextType,
+        {
+          database: "(default)",
+          namespace: "(default)",
+        },
+        {
+          document: "foo/{bar}",
+        }
+      );
+
+      const func = firestore.onDocumentDeletedWithAuthContext("foo/{bar}", () => 2);
+
+      expect(func.run(true as any)).to.eq(2);
+      expect(func.__endpoint).to.deep.eq(expectedEp);
+    });
+
+    it("should create a func with opts", () => {
+      const expectedEp = makeExpectedEp(
+        firestore.deletedEventWithAuthContextType,
+        {
+          database: "my-db",
+          namespace: "my-ns",
+        },
+        {
+          document: "foo/{bar}",
+        }
+      );
+      expectedEp["region"] = ["us-central1"];
+
+      const func = firestore.onDocumentDeletedWithAuthContext(
+        {
+          region: "us-central1",
+          document: "foo/{bar}",
+          database: "my-db",
+          namespace: "my-ns",
+        },
+        () => 2
+      );
+
+      expect(func.run(true as any)).to.eq(2);
+      expect(func.__endpoint).to.deep.eq(expectedEp);
+    });
+
+    it("calls init function", async () => {
+      const event: firestore.RawFirestoreEvent = {
+        ...eventBase,
+        datacontenttype: "application/json",
+        data: {
+          oldValue: null,
+          value: null,
+        },
+      };
+
+      let hello;
+      onInit(() => (hello = "world"));
+      expect(hello).to.be.undefined;
+      await firestore.onDocumentDeletedWithAuthContext("path", () => null)(event);
+      expect(hello).to.equal("world");
+    });
+  });
+
   describe("getOpts", () => {
     it("should handle document string", () => {
       const { document, database, namespace, opts } = firestore.getOpts("foo/{bar}");
@@ -720,6 +985,26 @@ describe("firestore", () => {
 
       expect(event.data.data()).to.deep.eq({ hello: "delete world" });
     });
+
+    it("should make event from a created event with auth context", () => {
+      const event = firestore.makeFirestoreEvent(
+        firestore.createdEventWithAuthContextType,
+        makeAuthEvent(makeEncodedProtobuf(createdProto)),
+        firestore.makeParams("foo/fGRodw71mHutZ4wGDuT8", new PathPattern("foo/{bar}"))
+      );
+
+      expect(event.data.data()).to.deep.eq({ hello: "create world" });
+    });
+
+    it("should include auth fields if provided in raw event", () => {
+      const event = firestore.makeFirestoreEvent(
+        firestore.createdEventWithAuthContextType,
+        makeAuthEvent(makeEncodedProtobuf(createdProto)),
+        firestore.makeParams("foo/fGRodw71mHutZ4wGDuT8", new PathPattern("foo/{bar}"))
+      );
+
+      expect(event).to.include({ authId: "userId", authType: "unknown" });
+    });
   });
 
   describe("makeChangedFirestoreEvent", () => {
@@ -753,6 +1038,15 @@ describe("firestore", () => {
     });
   });
 
+  it("should include auth fields if provided in raw event", () => {
+    const event = firestore.makeChangedFirestoreEvent(
+      makeAuthEvent(makeEncodedProtobuf(writtenProto)),
+      firestore.makeParams("foo/fGRodw71mHutZ4wGDuT8", new PathPattern("foo/{bar}"))
+    );
+
+    expect(event).to.include({ authId: "userId", authType: "unknown" });
+  });
+
   describe("makeEndpoint", () => {
     it("should make an endpoint with a document path pattern", () => {
       const expectedEp = makeExpectedEp(
diff --git a/src/v2/providers/firestore.ts b/src/v2/providers/firestore.ts
index cc78aa87f..1d8b823a1 100644
--- a/src/v2/providers/firestore.ts
+++ b/src/v2/providers/firestore.ts
@@ -52,6 +52,22 @@ export const updatedEventType = "google.cloud.firestore.document.v1.updated";
 /** @internal */
 export const deletedEventType = "google.cloud.firestore.document.v1.deleted";
 
+/** @internal */
+export const writtenEventWithAuthContextType =
+  "google.cloud.firestore.document.v1.written.withAuthContext";
+
+/** @internal */
+export const createdEventWithAuthContextType =
+  "google.cloud.firestore.document.v1.created.withAuthContext";
+
+/** @internal */
+export const updatedEventWithAuthContextType =
+  "google.cloud.firestore.document.v1.updated.withAuthContext";
+
+/** @internal */
+export const deletedEventWithAuthContextType =
+  "google.cloud.firestore.document.v1.deleted.withAuthContext";
+
 // https://github.com/googleapis/google-cloudevents-nodejs/blob/main/cloud/firestore/v1/DocumentEventData.ts
 /** @internal */
 export interface RawFirestoreDocument {
@@ -79,12 +95,28 @@ export interface RawFirestoreEvent extends CloudEvent<Uint8Array | RawFirestoreD
   dataschema: string;
 }
 
+/** @internal */
+export interface RawFirestoreAuthEvent extends RawFirestoreEvent {
+  authtype?: AuthType;
+  authid?: string;
+}
+
 /** A Firestore DocumentSnapshot */
 export type DocumentSnapshot = firestore.DocumentSnapshot;
 
 /** A Firestore QueryDocumentSnapshot */
 export type QueryDocumentSnapshot = firestore.QueryDocumentSnapshot;
 
+/**
+ * AuthType defines the possible values for the authType field in a Firestore event with auth context.
+ * - service_account: a non-user principal used to identify a workload or machine user.
+ * - api_key: a non-user client API key.
+ * - system: an obscured identity used when Cloud Platform or another system triggered the event. Examples include a database record which was deleted based on a TTL.
+ * - unauthenticated: an unauthenticated action.
+ * - unknown: a general type to capture all other principals not captured in the other auth types.
+ */
+export type AuthType = "service_account" | "api_key" | "system" | "unauthenticated" | "unknown";
+
 /** A CloudEvent that contains a DocumentSnapshot or a Change<DocumentSnapshot> */
 export interface FirestoreEvent<T, Params = Record<string, string>> extends CloudEvent<T> {
   /** The location of the Firestore instance */
@@ -104,6 +136,14 @@ export interface FirestoreEvent<T, Params = Record<string, string>> extends Clou
   params: Params;
 }
 
+export interface FirestoreAuthEvent<T, Params = Record<string, string>>
+  extends FirestoreEvent<T, Params> {
+  /** The type of principal that triggered the event */
+  authType: AuthType;
+  /** The unique identifier for the principal */
+  authId?: string;
+}
+
 /** DocumentOptions extend EventHandlerOptions with provided document and optional database and namespace.  */
 export interface DocumentOptions<Document extends string = string> extends EventHandlerOptions {
   /** The document path */
@@ -115,7 +155,7 @@ export interface DocumentOptions<Document extends string = string> extends Event
 }
 
 /**
- * Event handler which triggers when a document is created, updated, or deleted in Firestore.
+ * Event handler that triggers when a document is created, updated, or deleted in Firestore.
  *
  * @param document - The Firestore document path to trigger on.
  * @param handler - Event handler which is run every time a Firestore create, update, or delete occurs.
@@ -128,7 +168,7 @@ export function onDocumentWritten<Document extends string>(
 ): CloudFunction<FirestoreEvent<Change<DocumentSnapshot> | undefined, ParamsOf<Document>>>;
 
 /**
- * Event handler which triggers when a document is created, updated, or deleted in Firestore.
+ * Event handler that triggers when a document is created, updated, or deleted in Firestore.
  *
  * @param opts - Options that can be set on an individual event-handling function.
  * @param handler - Event handler which is run every time a Firestore create, update, or delete occurs.
@@ -141,7 +181,7 @@ export function onDocumentWritten<Document extends string>(
 ): CloudFunction<FirestoreEvent<Change<DocumentSnapshot> | undefined, ParamsOf<Document>>>;
 
 /**
- * Event handler which triggers when a document is created, updated, or deleted in Firestore.
+ * Event handler that triggers when a document is created, updated, or deleted in Firestore.
  *
  * @param documentOrOpts - Options or a string document path.
  * @param handler - Event handler which is run every time a Firestore create, update, or delete occurs.
@@ -156,7 +196,51 @@ export function onDocumentWritten<Document extends string>(
 }
 
 /**
- * Event handler which triggers when a document is created in Firestore.
+ * Event handler that triggers when a document is created, updated, or deleted in Firestore.
+ * This trigger also provides the authentication context of the principal who triggered the event.
+ *
+ * @param document - The Firestore document path to trigger on.
+ * @param handler - Event handler which is run every time a Firestore create, update, or delete occurs.
+ */
+export function onDocumentWrittenWithAuthContext<Document extends string>(
+  document: Document,
+  handler: (
+    event: FirestoreAuthEvent<Change<DocumentSnapshot> | undefined, ParamsOf<Document>>
+  ) => any | Promise<any>
+): CloudFunction<FirestoreAuthEvent<Change<DocumentSnapshot> | undefined, ParamsOf<Document>>>;
+
+/**
+ * Event handler that triggers when a document is created, updated, or deleted in Firestore.
+ * This trigger also provides the authentication context of the principal who triggered the event.
+ *
+ * @param opts - Options that can be set on an individual event-handling function.
+ * @param handler - Event handler which is run every time a Firestore create, update, or delete occurs.
+ */
+export function onDocumentWrittenWithAuthContext<Document extends string>(
+  opts: DocumentOptions<Document>,
+  handler: (
+    event: FirestoreAuthEvent<Change<DocumentSnapshot> | undefined, ParamsOf<Document>>
+  ) => any | Promise<any>
+): CloudFunction<FirestoreAuthEvent<Change<DocumentSnapshot> | undefined, ParamsOf<Document>>>;
+
+/**
+ * Event handler that triggers when a document is created, updated, or deleted in Firestore.
+ * This trigger also provides the authentication context of the principal who triggered the event.
+ *
+ * @param opts - Options or a string document path.
+ * @param handler - Event handler which is run every time a Firestore create, update, or delete occurs.
+ */
+export function onDocumentWrittenWithAuthContext<Document extends string>(
+  documentOrOpts: Document | DocumentOptions<Document>,
+  handler: (
+    event: FirestoreAuthEvent<Change<DocumentSnapshot> | undefined, ParamsOf<Document>>
+  ) => any | Promise<any>
+): CloudFunction<FirestoreAuthEvent<Change<DocumentSnapshot> | undefined, ParamsOf<Document>>> {
+  return onChangedOperation(writtenEventWithAuthContextType, documentOrOpts, handler);
+}
+
+/**
+ * Event handler that triggers when a document is created in Firestore.
  *
  * @param document - The Firestore document path to trigger on.
  * @param handler - Event handler which is run every time a Firestore create occurs.
@@ -169,7 +253,7 @@ export function onDocumentCreated<Document extends string>(
 ): CloudFunction<FirestoreEvent<QueryDocumentSnapshot | undefined, ParamsOf<Document>>>;
 
 /**
- * Event handler which triggers when a document is created in Firestore.
+ * Event handler that triggers when a document is created in Firestore.
  *
  * @param opts - Options that can be set on an individual event-handling function.
  * @param handler - Event handler which is run every time a Firestore create occurs.
@@ -182,7 +266,7 @@ export function onDocumentCreated<Document extends string>(
 ): CloudFunction<FirestoreEvent<QueryDocumentSnapshot | undefined, ParamsOf<Document>>>;
 
 /**
- * Event handler which triggers when a document is created in Firestore.
+ * Event handler that triggers when a document is created in Firestore.
  *
  * @param documentOrOpts - Options or a string document path.
  * @param handler - Event handler which is run every time a Firestore create occurs.
@@ -197,7 +281,50 @@ export function onDocumentCreated<Document extends string>(
 }
 
 /**
- * Event handler which triggers when a document is updated in Firestore.
+ * Event handler that triggers when a document is created in Firestore.
+ * This trigger also provides the authentication context of the principal who triggered the event.
+ *
+ * @param document - The Firestore document path to trigger on.
+ * @param handler - Event handler which is run every time a Firestore create occurs.
+ */
+export function onDocumentCreatedWithAuthContext<Document extends string>(
+  document: Document,
+  handler: (
+    event: FirestoreAuthEvent<QueryDocumentSnapshot | undefined, ParamsOf<Document>>
+  ) => any | Promise<any>
+): CloudFunction<FirestoreAuthEvent<QueryDocumentSnapshot | undefined, ParamsOf<Document>>>;
+
+/**
+ * Event handler that triggers when a document is created in Firestore.
+ * This trigger also provides the authentication context of the principal who triggered the event.
+ *
+ * @param opts - Options that can be set on an individual event-handling function.
+ * @param handler - Event handler which is run every time a Firestore create occurs.
+ */
+export function onDocumentCreatedWithAuthContext<Document extends string>(
+  opts: DocumentOptions<Document>,
+  handler: (
+    event: FirestoreAuthEvent<QueryDocumentSnapshot | undefined, ParamsOf<Document>>
+  ) => any | Promise<any>
+): CloudFunction<FirestoreAuthEvent<QueryDocumentSnapshot | undefined, ParamsOf<Document>>>;
+
+/**
+ * Event handler that triggers when a document is created in Firestore.
+ *
+ * @param documentOrOpts - Options or a string document path.
+ * @param handler - Event handler which is run every time a Firestore create occurs.
+ */
+export function onDocumentCreatedWithAuthContext<Document extends string>(
+  documentOrOpts: Document | DocumentOptions<Document>,
+  handler: (
+    event: FirestoreAuthEvent<QueryDocumentSnapshot | undefined, ParamsOf<Document>>
+  ) => any | Promise<any>
+): CloudFunction<FirestoreAuthEvent<QueryDocumentSnapshot | undefined, ParamsOf<Document>>> {
+  return onOperation(createdEventWithAuthContextType, documentOrOpts, handler);
+}
+
+/**
+ * Event handler that triggers when a document is updated in Firestore.
  *
  * @param document - The Firestore document path to trigger on.
  * @param handler - Event handler which is run every time a Firestore update occurs.
@@ -209,7 +336,7 @@ export function onDocumentUpdated<Document extends string>(
   ) => any | Promise<any>
 ): CloudFunction<FirestoreEvent<Change<QueryDocumentSnapshot> | undefined, ParamsOf<Document>>>;
 /**
- * Event handler which triggers when a document is updated in Firestore.
+ * Event handler that triggers when a document is updated in Firestore.
  *
  * @param opts - Options that can be set on an individual event-handling function.
  * @param handler - Event handler which is run every time a Firestore update occurs.
@@ -222,7 +349,7 @@ export function onDocumentUpdated<Document extends string>(
 ): CloudFunction<FirestoreEvent<Change<QueryDocumentSnapshot> | undefined, ParamsOf<Document>>>;
 
 /**
- * Event handler which triggers when a document is updated in Firestore.
+ * Event handler that triggers when a document is updated in Firestore.
  *
  * @param documentOrOpts - Options or a string document path.
  * @param handler - Event handler which is run every time a Firestore update occurs.
@@ -237,7 +364,52 @@ export function onDocumentUpdated<Document extends string>(
 }
 
 /**
- * Event handler which triggers when a document is deleted in Firestore.
+ * Event handler that triggers when a document is updated in Firestore.
+ * This trigger also provides the authentication context of the principal who triggered the event.
+ *
+ * @param document - The Firestore document path to trigger on.
+ * @param handler - Event handler which is run every time a Firestore update occurs.
+ */
+export function onDocumentUpdatedWithAuthContext<Document extends string>(
+  document: Document,
+  handler: (
+    event: FirestoreAuthEvent<Change<QueryDocumentSnapshot> | undefined, ParamsOf<Document>>
+  ) => any | Promise<any>
+): CloudFunction<FirestoreAuthEvent<Change<QueryDocumentSnapshot> | undefined, ParamsOf<Document>>>;
+
+/**
+ * Event handler that triggers when a document is updated in Firestore.
+ * This trigger also provides the authentication context of the principal who triggered the event.
+ *
+ * @param opts - Options that can be set on an individual event-handling function.
+ * @param handler - Event handler which is run every time a Firestore update occurs.
+ */
+export function onDocumentUpdatedWithAuthContext<Document extends string>(
+  opts: DocumentOptions<Document>,
+  handler: (
+    event: FirestoreAuthEvent<Change<QueryDocumentSnapshot> | undefined, ParamsOf<Document>>
+  ) => any | Promise<any>
+): CloudFunction<FirestoreAuthEvent<Change<QueryDocumentSnapshot> | undefined, ParamsOf<Document>>>;
+
+/**
+ * Event handler that triggers when a document is updated in Firestore.
+ *
+ * @param documentOrOpts - Options or a string document path.
+ * @param handler - Event handler which is run every time a Firestore update occurs.
+ */
+export function onDocumentUpdatedWithAuthContext<Document extends string>(
+  documentOrOpts: Document | DocumentOptions<Document>,
+  handler: (
+    event: FirestoreAuthEvent<Change<QueryDocumentSnapshot> | undefined, ParamsOf<Document>>
+  ) => any | Promise<any>
+): CloudFunction<
+  FirestoreAuthEvent<Change<QueryDocumentSnapshot> | undefined, ParamsOf<Document>>
+> {
+  return onChangedOperation(updatedEventWithAuthContextType, documentOrOpts, handler);
+}
+
+/**
+ * Event handler that triggers when a document is deleted in Firestore.
  *
  * @param document - The Firestore document path to trigger on.
  * @param handler - Event handler which is run every time a Firestore delete occurs.
@@ -250,7 +422,7 @@ export function onDocumentDeleted<Document extends string>(
 ): CloudFunction<FirestoreEvent<QueryDocumentSnapshot | undefined, ParamsOf<Document>>>;
 
 /**
- * Event handler which triggers when a document is deleted in Firestore.
+ * Event handler that triggers when a document is deleted in Firestore.
  *
  * @param opts - Options that can be set on an individual event-handling function.
  * @param handler - Event handler which is run every time a Firestore delete occurs.
@@ -263,7 +435,7 @@ export function onDocumentDeleted<Document extends string>(
 ): CloudFunction<FirestoreEvent<QueryDocumentSnapshot | undefined, ParamsOf<Document>>>;
 
 /**
- * Event handler which triggers when a document is deleted in Firestore.
+ * Event handler that triggers when a document is deleted in Firestore.
  *
  * @param documentOrOpts - Options or a string document path.
  * @param handler - Event handler which is run every time a Firestore delete occurs.
@@ -277,6 +449,49 @@ export function onDocumentDeleted<Document extends string>(
   return onOperation(deletedEventType, documentOrOpts, handler);
 }
 
+/**
+ * Event handler that triggers when a document is deleted in Firestore.
+ * This trigger also provides the authentication context of the principal who triggered the event.
+ *
+ * @param document - The Firestore document path to trigger on.
+ * @param handler - Event handler which is run every time a Firestore delete occurs.
+ */
+export function onDocumentDeletedWithAuthContext<Document extends string>(
+  document: Document,
+  handler: (
+    event: FirestoreAuthEvent<QueryDocumentSnapshot | undefined, ParamsOf<Document>>
+  ) => any | Promise<any>
+): CloudFunction<FirestoreAuthEvent<QueryDocumentSnapshot | undefined, ParamsOf<Document>>>;
+
+/**
+ * Event handler that triggers when a document is deleted in Firestore.
+ * This trigger also provides the authentication context of the principal who triggered the event.
+ *
+ * @param opts - Options that can be set on an individual event-handling function.
+ * @param handler - Event handler which is run every time a Firestore delete occurs.
+ */
+export function onDocumentDeletedWithAuthContext<Document extends string>(
+  opts: DocumentOptions<Document>,
+  handler: (
+    event: FirestoreAuthEvent<QueryDocumentSnapshot | undefined, ParamsOf<Document>>
+  ) => any | Promise<any>
+): CloudFunction<FirestoreAuthEvent<QueryDocumentSnapshot | undefined, ParamsOf<Document>>>;
+
+/**
+ * Event handler that triggers when a document is deleted in Firestore.
+ *
+ * @param documentOrOpts - Options or a string document path.
+ * @param handler - Event handler which is run every time a Firestore delete occurs.
+ */
+export function onDocumentDeletedWithAuthContext<Document extends string>(
+  documentOrOpts: Document | DocumentOptions<Document>,
+  handler: (
+    event: FirestoreAuthEvent<QueryDocumentSnapshot | undefined, ParamsOf<Document>>
+  ) => any | Promise<any>
+): CloudFunction<FirestoreAuthEvent<QueryDocumentSnapshot | undefined, ParamsOf<Document>>> {
+  return onOperation(deletedEventWithAuthContextType, documentOrOpts, handler);
+}
+
 /** @internal */
 export function getOpts(documentOrOpts: string | DocumentOptions) {
   let document: string | Expression<string>;
@@ -362,11 +577,13 @@ export function makeParams(document: string, documentPattern: PathPattern) {
 /** @internal */
 export function makeFirestoreEvent<Params>(
   eventType: string,
-  event: RawFirestoreEvent,
+  event: RawFirestoreEvent | RawFirestoreAuthEvent,
   params: Params
-): FirestoreEvent<QueryDocumentSnapshot | undefined, Params> {
+):
+  | FirestoreEvent<QueryDocumentSnapshot | undefined, Params>
+  | FirestoreAuthEvent<QueryDocumentSnapshot | undefined, Params> {
   const data = event.data
-    ? eventType === createdEventType
+    ? eventType === createdEventType || eventType === createdEventWithAuthContextType
       ? createSnapshot(event)
       : createBeforeSnapshot(event)
     : undefined;
@@ -375,16 +592,31 @@ export function makeFirestoreEvent<Params>(
     params,
     data,
   };
+
   delete (firestoreEvent as any).datacontenttype;
   delete (firestoreEvent as any).dataschema;
+
+  if ("authtype" in event) {
+    const eventWithAuth = {
+      ...firestoreEvent,
+      authType: event.authtype,
+      authId: event.authid,
+    };
+    delete (eventWithAuth as any).authtype;
+    delete (eventWithAuth as any).authid;
+    return eventWithAuth;
+  }
+
   return firestoreEvent;
 }
 
 /** @internal */
 export function makeChangedFirestoreEvent<Params>(
-  event: RawFirestoreEvent,
+  event: RawFirestoreEvent | RawFirestoreAuthEvent,
   params: Params
-): FirestoreEvent<Change<QueryDocumentSnapshot> | undefined, Params> {
+):
+  | FirestoreEvent<Change<DocumentSnapshot> | undefined, Params>
+  | FirestoreAuthEvent<Change<DocumentSnapshot> | undefined, Params> {
   const data = event.data
     ? Change.fromObjects(createBeforeSnapshot(event), createSnapshot(event))
     : undefined;
@@ -395,6 +627,18 @@ export function makeChangedFirestoreEvent<Params>(
   };
   delete (firestoreEvent as any).datacontenttype;
   delete (firestoreEvent as any).dataschema;
+
+  if ("authtype" in event) {
+    const eventWithAuth = {
+      ...firestoreEvent,
+      authType: event.authtype,
+      authId: event.authid,
+    };
+    delete (eventWithAuth as any).authtype;
+    delete (eventWithAuth as any).authid;
+    return eventWithAuth;
+  }
+
   return firestoreEvent;
 }
 
@@ -441,16 +685,19 @@ export function makeEndpoint(
 }
 
 /** @internal */
-export function onOperation<Document extends string>(
+export function onOperation<
+  Document extends string,
+  Event extends FirestoreEvent<QueryDocumentSnapshot, ParamsOf<Document>>
+>(
   eventType: string,
   documentOrOpts: Document | DocumentOptions<Document>,
-  handler: (event: FirestoreEvent<QueryDocumentSnapshot, ParamsOf<Document>>) => any | Promise<any>
-): CloudFunction<FirestoreEvent<QueryDocumentSnapshot, ParamsOf<Document>>> {
+  handler: (event: Event) => any | Promise<any>
+): CloudFunction<Event> {
   const { document, database, namespace, opts } = getOpts(documentOrOpts);
 
   // wrap the handler
   const func = (raw: CloudEvent<unknown>) => {
-    const event = raw as RawFirestoreEvent;
+    const event = raw as RawFirestoreEvent | RawFirestoreAuthEvent;
     const documentPattern = new PathPattern(
       typeof document === "string" ? document : document.value()
     );
@@ -467,18 +714,19 @@ export function onOperation<Document extends string>(
 }
 
 /** @internal */
-export function onChangedOperation<Document extends string>(
+export function onChangedOperation<
+  Document extends string,
+  Event extends FirestoreEvent<Change<DocumentSnapshot>, ParamsOf<Document>>
+>(
   eventType: string,
   documentOrOpts: Document | DocumentOptions<Document>,
-  handler: (
-    event: FirestoreEvent<Change<QueryDocumentSnapshot>, ParamsOf<Document>>
-  ) => any | Promise<any>
-): CloudFunction<FirestoreEvent<Change<QueryDocumentSnapshot>, ParamsOf<Document>>> {
+  handler: (event: Event) => any | Promise<any>
+): CloudFunction<Event> {
   const { document, database, namespace, opts } = getOpts(documentOrOpts);
 
   // wrap the handler
   const func = (raw: CloudEvent<unknown>) => {
-    const event = raw as RawFirestoreEvent;
+    const event = raw as RawFirestoreEvent | RawFirestoreAuthEvent;
     const documentPattern = new PathPattern(
       typeof document === "string" ? document : document.value()
     );