diff --git a/bolt-api-netty/src/main/java/org/neo4j/driver/internal/bolt/basicimpl/NettyBoltConnectionProvider.java b/bolt-api-netty/src/main/java/org/neo4j/driver/internal/bolt/basicimpl/NettyBoltConnectionProvider.java
index 8290c3678e..40c3add98e 100644
--- a/bolt-api-netty/src/main/java/org/neo4j/driver/internal/bolt/basicimpl/NettyBoltConnectionProvider.java
+++ b/bolt-api-netty/src/main/java/org/neo4j/driver/internal/bolt/basicimpl/NettyBoltConnectionProvider.java
@@ -31,6 +31,7 @@
 import java.util.function.Consumer;
 import java.util.function.Supplier;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
 import org.neo4j.driver.internal.bolt.api.BoltAgent;
 import org.neo4j.driver.internal.bolt.api.BoltConnection;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionProvider;
@@ -44,7 +45,6 @@
 import org.neo4j.driver.internal.bolt.api.RoutingContext;
 import org.neo4j.driver.internal.bolt.api.SecurityPlan;
 import org.neo4j.driver.internal.bolt.api.exception.MinVersionAcquisitionException;
-import org.neo4j.driver.internal.bolt.api.values.Value;
 import org.neo4j.driver.internal.bolt.api.values.ValueFactory;
 import org.neo4j.driver.internal.bolt.basicimpl.impl.BoltConnectionImpl;
 import org.neo4j.driver.internal.bolt.basicimpl.impl.ConnectionProvider;
@@ -110,7 +110,7 @@ public CompletionStage<Void> init(
     public CompletionStage<BoltConnection> connect(
             SecurityPlan securityPlan,
             DatabaseName databaseName,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             AccessMode mode,
             Set<String> bookmarks,
             String impersonatedUser,
@@ -125,17 +125,17 @@ public CompletionStage<BoltConnection> connect(
         }
 
         var latestAuthMillisFuture = new CompletableFuture<Long>();
-        var authMapRef = new AtomicReference<Map<String, Value>>();
-        return authMapStageSupplier
+        var authMapRef = new AtomicReference<AuthToken>();
+        return authTokenStageSupplier
                 .get()
-                .thenCompose(authMap -> {
-                    authMapRef.set(authMap);
+                .thenCompose(authToken -> {
+                    authMapRef.set(authToken);
                     return this.connectionProvider.acquireConnection(
                             address,
                             securityPlan,
                             routingContext,
                             databaseName != null ? databaseName.databaseName().orElse(null) : null,
-                            authMap,
+                            authToken.asMap(),
                             boltAgent,
                             userAgent,
                             mode,
@@ -180,11 +180,11 @@ public CompletionStage<BoltConnection> connect(
     }
 
     @Override
-    public CompletionStage<Void> verifyConnectivity(SecurityPlan securityPlan, Map<String, Value> authMap) {
+    public CompletionStage<Void> verifyConnectivity(SecurityPlan securityPlan, AuthToken authToken) {
         return connect(
                         securityPlan,
                         null,
-                        () -> CompletableFuture.completedStage(authMap),
+                        () -> CompletableFuture.completedStage(authToken),
                         AccessMode.WRITE,
                         Collections.emptySet(),
                         null,
@@ -196,11 +196,11 @@ public CompletionStage<Void> verifyConnectivity(SecurityPlan securityPlan, Map<S
     }
 
     @Override
-    public CompletionStage<Boolean> supportsMultiDb(SecurityPlan securityPlan, Map<String, Value> authMap) {
+    public CompletionStage<Boolean> supportsMultiDb(SecurityPlan securityPlan, AuthToken authToken) {
         return connect(
                         securityPlan,
                         null,
-                        () -> CompletableFuture.completedStage(authMap),
+                        () -> CompletableFuture.completedStage(authToken),
                         AccessMode.WRITE,
                         Collections.emptySet(),
                         null,
@@ -215,11 +215,11 @@ public CompletionStage<Boolean> supportsMultiDb(SecurityPlan securityPlan, Map<S
     }
 
     @Override
-    public CompletionStage<Boolean> supportsSessionAuth(SecurityPlan securityPlan, Map<String, Value> authMap) {
+    public CompletionStage<Boolean> supportsSessionAuth(SecurityPlan securityPlan, AuthToken authToken) {
         return connect(
                         securityPlan,
                         null,
-                        () -> CompletableFuture.completedStage(authMap),
+                        () -> CompletableFuture.completedStage(authToken),
                         AccessMode.WRITE,
                         Collections.emptySet(),
                         null,
diff --git a/bolt-api-netty/src/main/java/org/neo4j/driver/internal/bolt/basicimpl/impl/BoltConnectionImpl.java b/bolt-api-netty/src/main/java/org/neo4j/driver/internal/bolt/basicimpl/impl/BoltConnectionImpl.java
index 4072d40a07..a6438b9110 100644
--- a/bolt-api-netty/src/main/java/org/neo4j/driver/internal/bolt/basicimpl/impl/BoltConnectionImpl.java
+++ b/bolt-api-netty/src/main/java/org/neo4j/driver/internal/bolt/basicimpl/impl/BoltConnectionImpl.java
@@ -33,7 +33,8 @@
 import java.util.function.Function;
 import java.util.stream.Collectors;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
-import org.neo4j.driver.internal.bolt.api.AuthData;
+import org.neo4j.driver.internal.bolt.api.AuthInfo;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
 import org.neo4j.driver.internal.bolt.api.BoltConnection;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionState;
 import org.neo4j.driver.internal.bolt.api.BoltProtocolVersion;
@@ -82,7 +83,7 @@ public final class BoltConnectionImpl implements BoltConnection {
     private final boolean telemetrySupported;
     private final boolean serverSideRouting;
     private final AtomicReference<BoltConnectionState> stateRef = new AtomicReference<>(BoltConnectionState.OPEN);
-    private final AtomicReference<CompletableFuture<AuthData>> authDataRef;
+    private final AtomicReference<CompletableFuture<AuthInfo>> authDataRef;
     private final Map<String, Value> routingContext;
     private final Queue<Function<ResponseHandler, CompletionStage<Void>>> messageWriters;
     private final Clock clock;
@@ -92,7 +93,7 @@ public BoltConnectionImpl(
             BoltProtocol protocol,
             Connection connection,
             EventLoop eventLoop,
-            Map<String, Value> authMap,
+            AuthToken authToken,
             CompletableFuture<Long> latestAuthMillisFuture,
             RoutingContext routingContext,
             Clock clock,
@@ -107,7 +108,7 @@ public BoltConnectionImpl(
         this.telemetrySupported = connection.isTelemetryEnabled();
         this.serverSideRouting = connection.isSsrEnabled();
         this.authDataRef = new AtomicReference<>(
-                CompletableFuture.completedFuture(new AuthDataImpl(authMap, latestAuthMillisFuture.join())));
+                CompletableFuture.completedFuture(new AuthInfoImpl(authToken, latestAuthMillisFuture.join())));
         this.valueFactory = Objects.requireNonNull(valueFactory);
         this.routingContext = routingContext.toMap().entrySet().stream()
                 .collect(Collectors.toUnmodifiableMap(
@@ -369,10 +370,10 @@ public void onSummary(Void summary) {
     }
 
     @Override
-    public CompletionStage<BoltConnection> logon(Map<String, Value> authMap) {
+    public CompletionStage<BoltConnection> logon(AuthToken authToken) {
         return executeInEventLoop(() -> messageWriters.add(handler -> protocol.logon(
                         connection,
-                        authMap,
+                        authToken.asMap(),
                         clock,
                         new MessageHandler<>() {
                             @Override
@@ -383,7 +384,7 @@ public void onError(Throwable throwable) {
 
                             @Override
                             public void onSummary(Void summary) {
-                                authDataRef.get().complete(new AuthDataImpl(authMap, clock.millis()));
+                                authDataRef.get().complete(new AuthInfoImpl(authToken, clock.millis()));
                                 handler.onLogonSummary(null);
                             }
                         },
@@ -498,7 +499,7 @@ public BoltConnectionState state() {
     }
 
     @Override
-    public CompletionStage<AuthData> authData() {
+    public CompletionStage<AuthInfo> authInfo() {
         return authDataRef.get();
     }
 
@@ -572,7 +573,7 @@ private void updateState(Throwable throwable) {
         }
     }
 
-    private record AuthDataImpl(Map<String, Value> authMap, long authAckMillis) implements AuthData {}
+    private record AuthInfoImpl(AuthToken authToken, long authAckMillis) implements AuthInfo {}
 
     private static class ResponseHandleImpl implements ResponseHandler {
         private final ResponseHandler delegate;
diff --git a/bolt-api-pooled/src/main/java/org/neo4j/driver/internal/bolt/pooledimpl/PooledBoltConnectionProvider.java b/bolt-api-pooled/src/main/java/org/neo4j/driver/internal/bolt/pooledimpl/PooledBoltConnectionProvider.java
index a066c6b95f..f367c4d237 100644
--- a/bolt-api-pooled/src/main/java/org/neo4j/driver/internal/bolt/pooledimpl/PooledBoltConnectionProvider.java
+++ b/bolt-api-pooled/src/main/java/org/neo4j/driver/internal/bolt/pooledimpl/PooledBoltConnectionProvider.java
@@ -36,6 +36,7 @@
 import java.util.function.Function;
 import java.util.function.Supplier;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
 import org.neo4j.driver.internal.bolt.api.BasicResponseHandler;
 import org.neo4j.driver.internal.bolt.api.BoltAgent;
 import org.neo4j.driver.internal.bolt.api.BoltConnection;
@@ -51,7 +52,6 @@
 import org.neo4j.driver.internal.bolt.api.SecurityPlan;
 import org.neo4j.driver.internal.bolt.api.exception.BoltTransientException;
 import org.neo4j.driver.internal.bolt.api.exception.MinVersionAcquisitionException;
-import org.neo4j.driver.internal.bolt.api.values.Value;
 import org.neo4j.driver.internal.bolt.pooledimpl.impl.PooledBoltConnection;
 import org.neo4j.driver.internal.bolt.pooledimpl.impl.util.FutureUtil;
 
@@ -129,7 +129,7 @@ public CompletionStage<Void> init(
     public CompletionStage<BoltConnection> connect(
             SecurityPlan securityPlan,
             DatabaseName databaseName,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             AccessMode mode,
             Set<String> bookmarks,
             String impersonatedUser,
@@ -145,7 +145,7 @@ public CompletionStage<BoltConnection> connect(
 
         var acquisitionFuture = new CompletableFuture<PooledBoltConnection>();
 
-        authMapStageSupplier.get().whenComplete((authMap, authThrowable) -> {
+        authTokenStageSupplier.get().whenComplete((authToken, authThrowable) -> {
             if (authThrowable != null) {
                 acquisitionFuture.completeExceptionally(authThrowable);
                 return;
@@ -168,8 +168,8 @@ public CompletionStage<BoltConnection> connect(
                     acquisitionFuture,
                     securityPlan,
                     databaseName,
-                    authMap,
-                    authMapStageSupplier,
+                    authToken,
+                    authTokenStageSupplier,
                     mode,
                     bookmarks,
                     impersonatedUser,
@@ -191,8 +191,8 @@ private void connect(
             CompletableFuture<PooledBoltConnection> acquisitionFuture,
             SecurityPlan securityPlan,
             DatabaseName databaseName,
-            Map<String, Value> authMap,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            AuthToken authToken,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             AccessMode mode,
             Set<String> bookmarks,
             String impersonatedUser,
@@ -207,7 +207,7 @@ private void connect(
                 empty.set(pooledConnectionEntries.isEmpty());
                 try {
                     // go over existing entries first
-                    connectionEntryWithMetadata = acquireExistingEntry(authMap, minVersion);
+                    connectionEntryWithMetadata = acquireExistingEntry(authToken, minVersion);
                 } catch (MinVersionAcquisitionException e) {
                     acquisitionFuture.completeExceptionally(e);
                     return;
@@ -284,8 +284,8 @@ private void connect(
                                 acquisitionFuture,
                                 securityPlan,
                                 databaseName,
-                                authMap,
-                                authMapStageSupplier,
+                                authToken,
+                                authTokenStageSupplier,
                                 mode,
                                 bookmarks,
                                 impersonatedUser,
@@ -305,7 +305,7 @@ private void connect(
                                     purge(entry);
                                     metricsListener.afterConnectionReleased(poolId, inUseEvent);
                                 });
-                        reauthStage(entryWithMetadata, authMap).whenComplete((ignored2, throwable2) -> {
+                        reauthStage(entryWithMetadata, authToken).whenComplete((ignored2, throwable2) -> {
                             if (!acquisitionFuture.complete(pooledConnection)) {
                                 // acquisition timed out
                                 CompletableFuture<PooledBoltConnection> pendingAcquisition;
@@ -336,7 +336,9 @@ private void connect(
                         .connect(
                                 securityPlan,
                                 databaseName,
-                                empty.get() ? () -> CompletableFuture.completedStage(authMap) : authMapStageSupplier,
+                                empty.get()
+                                        ? () -> CompletableFuture.completedStage(authToken)
+                                        : authTokenStageSupplier,
                                 mode,
                                 bookmarks,
                                 impersonatedUser,
@@ -395,7 +397,7 @@ private void connect(
     }
 
     private synchronized ConnectionEntryWithMetadata acquireExistingEntry(
-            Map<String, Value> authMap, BoltProtocolVersion minVersion) {
+            AuthToken authToken, BoltProtocolVersion minVersion) {
         ConnectionEntryWithMetadata connectionEntryWithMetadata = null;
         var iterator = pooledConnectionEntries.iterator();
         while (iterator.hasNext()) {
@@ -431,10 +433,10 @@ private synchronized ConnectionEntryWithMetadata acquireExistingEntry(
             }
 
             // the pool must not have unauthenticated connections
-            var authData = connection.authData().toCompletableFuture().getNow(null);
+            var authInfo = connection.authInfo().toCompletableFuture().getNow(null);
 
-            var expiredByError = minAuthTimestamp > 0 && authData.authAckMillis() <= minAuthTimestamp;
-            var authMatches = authMap.equals(authData.authMap());
+            var expiredByError = minAuthTimestamp > 0 && authInfo.authAckMillis() <= minAuthTimestamp;
+            var authMatches = authToken.equals(authInfo.authToken());
             var reauthNeeded = expiredByError || !authMatches;
 
             if (reauthNeeded) {
@@ -461,14 +463,14 @@ private synchronized ConnectionEntryWithMetadata acquireExistingEntry(
     }
 
     private CompletionStage<Void> reauthStage(
-            ConnectionEntryWithMetadata connectionEntryWithMetadata, Map<String, Value> authMap) {
+            ConnectionEntryWithMetadata connectionEntryWithMetadata, AuthToken authToken) {
         CompletionStage<Void> stage;
         if (connectionEntryWithMetadata.reauthNeeded) {
             stage = connectionEntryWithMetadata
                     .connectionEntry
                     .connection
                     .logoff()
-                    .thenCompose(conn -> conn.logon(authMap))
+                    .thenCompose(conn -> conn.logon(authToken))
                     .handle((ignored, throwable) -> {
                         if (throwable != null) {
                             connectionEntryWithMetadata.connectionEntry.connection.close();
@@ -500,11 +502,11 @@ private CompletionStage<Void> livenessCheckStage(ConnectionEntry entry) {
     }
 
     @Override
-    public CompletionStage<Void> verifyConnectivity(SecurityPlan securityPlan, Map<String, Value> authMap) {
+    public CompletionStage<Void> verifyConnectivity(SecurityPlan securityPlan, AuthToken authToken) {
         return connect(
                         securityPlan,
                         null,
-                        () -> CompletableFuture.completedStage(authMap),
+                        () -> CompletableFuture.completedStage(authToken),
                         AccessMode.WRITE,
                         Collections.emptySet(),
                         null,
@@ -516,11 +518,11 @@ public CompletionStage<Void> verifyConnectivity(SecurityPlan securityPlan, Map<S
     }
 
     @Override
-    public CompletionStage<Boolean> supportsMultiDb(SecurityPlan securityPlan, Map<String, Value> authMap) {
+    public CompletionStage<Boolean> supportsMultiDb(SecurityPlan securityPlan, AuthToken authToken) {
         return connect(
                         securityPlan,
                         null,
-                        () -> CompletableFuture.completedStage(authMap),
+                        () -> CompletableFuture.completedStage(authToken),
                         AccessMode.WRITE,
                         Collections.emptySet(),
                         null,
@@ -535,11 +537,11 @@ public CompletionStage<Boolean> supportsMultiDb(SecurityPlan securityPlan, Map<S
     }
 
     @Override
-    public CompletionStage<Boolean> supportsSessionAuth(SecurityPlan securityPlan, Map<String, Value> authMap) {
+    public CompletionStage<Boolean> supportsSessionAuth(SecurityPlan securityPlan, AuthToken authToken) {
         return connect(
                         securityPlan,
                         null,
-                        () -> CompletableFuture.completedStage(authMap),
+                        () -> CompletableFuture.completedStage(authToken),
                         AccessMode.WRITE,
                         Collections.emptySet(),
                         null,
diff --git a/bolt-api-pooled/src/main/java/org/neo4j/driver/internal/bolt/pooledimpl/impl/PooledBoltConnection.java b/bolt-api-pooled/src/main/java/org/neo4j/driver/internal/bolt/pooledimpl/impl/PooledBoltConnection.java
index 0980d9a09d..6d05d7fc8e 100644
--- a/bolt-api-pooled/src/main/java/org/neo4j/driver/internal/bolt/pooledimpl/impl/PooledBoltConnection.java
+++ b/bolt-api-pooled/src/main/java/org/neo4j/driver/internal/bolt/pooledimpl/impl/PooledBoltConnection.java
@@ -23,7 +23,8 @@
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CompletionStage;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
-import org.neo4j.driver.internal.bolt.api.AuthData;
+import org.neo4j.driver.internal.bolt.api.AuthInfo;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
 import org.neo4j.driver.internal.bolt.api.BasicResponseHandler;
 import org.neo4j.driver.internal.bolt.api.BoltConnection;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionState;
@@ -162,8 +163,8 @@ public CompletionStage<BoltConnection> logoff() {
     }
 
     @Override
-    public CompletionStage<BoltConnection> logon(Map<String, Value> authMap) {
-        return delegate.logon(authMap).thenApply(ignored -> this);
+    public CompletionStage<BoltConnection> logon(AuthToken authToken) {
+        return delegate.logon(authToken).thenApply(ignored -> this);
     }
 
     @Override
@@ -321,8 +322,8 @@ public BoltConnectionState state() {
     }
 
     @Override
-    public CompletionStage<AuthData> authData() {
-        return delegate.authData();
+    public CompletionStage<AuthInfo> authInfo() {
+        return delegate.authInfo();
     }
 
     @Override
diff --git a/bolt-api-pooled/src/test/java/org/neo4j/driver/internal/bolt/pooledimpl/PooledBoltConnectionProviderTest.java b/bolt-api-pooled/src/test/java/org/neo4j/driver/internal/bolt/pooledimpl/PooledBoltConnectionProviderTest.java
index 15a755da18..3ab5bc48ef 100644
--- a/bolt-api-pooled/src/test/java/org/neo4j/driver/internal/bolt/pooledimpl/PooledBoltConnectionProviderTest.java
+++ b/bolt-api-pooled/src/test/java/org/neo4j/driver/internal/bolt/pooledimpl/PooledBoltConnectionProviderTest.java
@@ -48,7 +48,9 @@
 import org.mockito.Mock;
 import org.mockito.stubbing.Answer;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
-import org.neo4j.driver.internal.bolt.api.AuthData;
+import org.neo4j.driver.internal.bolt.api.AuthInfo;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
+import org.neo4j.driver.internal.bolt.api.AuthTokens;
 import org.neo4j.driver.internal.bolt.api.BoltAgent;
 import org.neo4j.driver.internal.bolt.api.BoltConnection;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionProvider;
@@ -90,7 +92,7 @@ class PooledBoltConnectionProviderTest {
     BoltConnection connection;
 
     @Mock
-    Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier;
+    Supplier<CompletionStage<AuthToken>> authTokenStageSupplier;
 
     final int maxSize = 2;
     final long acquisitionTimeout = 5000;
@@ -114,7 +116,8 @@ class PooledBoltConnectionProviderTest {
     void beforeEach() {
         openMocks(this);
         given(loggingProvider.getLog(any(Class.class))).willReturn(mock(System.Logger.class));
-        given(authMapStageSupplier.get()).willReturn(CompletableFuture.completedStage(Map.of()));
+        given(authTokenStageSupplier.get())
+                .willReturn(CompletableFuture.completedStage(AuthTokens.custom(Collections.emptyMap())));
         provider = new PooledBoltConnectionProvider(
                 upstreamProvider, maxSize, acquisitionTimeout, maxLifetime, idleBeforeTest, clock, loggingProvider);
         provider.init(address, context, boltAgent, userAgent, timeout, metricsListener);
@@ -146,7 +149,7 @@ void shouldCreateNewConnection() {
         var connection = provider.connect(
                         securityPlan,
                         databaseName,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         mode,
                         bookmarks,
                         null,
@@ -199,7 +202,7 @@ void shouldTimeout() {
         provider.connect(
                         securityPlan,
                         databaseName,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         mode,
                         bookmarks,
                         null,
@@ -214,7 +217,7 @@ void shouldTimeout() {
         var connectionStage = provider.connect(
                 securityPlan,
                 databaseName,
-                authMapStageSupplier,
+                authTokenStageSupplier,
                 mode,
                 bookmarks,
                 null,
@@ -255,7 +258,7 @@ void shouldReturnConnectionToPool() {
         var connection = provider.connect(
                         securityPlan,
                         databaseName,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         mode,
                         bookmarks,
                         null,
@@ -286,10 +289,10 @@ void shouldUseExistingConnection() {
         });
         given(connection.state()).willReturn(BoltConnectionState.OPEN);
         given(connection.protocolVersion()).willReturn(minVersion);
-        var authData = mock(AuthData.class);
-        given(authData.authAckMillis()).willReturn(0L);
-        given(authData.authMap()).willReturn(Collections.emptyMap());
-        given(connection.authData()).willReturn(CompletableFuture.completedStage(authData));
+        var authInfo = mock(AuthInfo.class);
+        given(authInfo.authAckMillis()).willReturn(0L);
+        given(authInfo.authToken()).willReturn(AuthTokens.custom(Collections.emptyMap()));
+        given(connection.authInfo()).willReturn(CompletableFuture.completedStage(authInfo));
         given(upstreamProvider.connect(
                         eq(securityPlan),
                         eq(databaseName),
@@ -305,7 +308,7 @@ void shouldUseExistingConnection() {
         provider.connect(
                         securityPlan,
                         databaseName,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         mode,
                         bookmarks,
                         null,
@@ -324,7 +327,7 @@ void shouldUseExistingConnection() {
         var connection = provider.connect(
                         securityPlan,
                         databaseName,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         mode,
                         bookmarks,
                         null,
@@ -371,7 +374,7 @@ void shouldClose() {
         provider.connect(
                         securityPlan,
                         databaseName,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         mode,
                         bookmarks,
                         null,
@@ -417,7 +420,7 @@ void shouldVerifyConnectivity() {
                 .willReturn(CompletableFuture.completedStage(connection));
 
         // when
-        provider.verifyConnectivity(SecurityPlan.INSECURE, Collections.emptyMap())
+        provider.verifyConnectivity(SecurityPlan.INSECURE, AuthTokens.custom(Collections.emptyMap()))
                 .toCompletableFuture()
                 .join();
 
@@ -465,7 +468,7 @@ void shouldSupportMultiDb(BoltProtocolVersion boltProtocolVersion, boolean expec
                 .willReturn(CompletableFuture.completedStage(connection));
 
         // when
-        var supports = provider.supportsMultiDb(SecurityPlan.INSECURE, Collections.emptyMap())
+        var supports = provider.supportsMultiDb(SecurityPlan.INSECURE, AuthTokens.custom(Collections.emptyMap()))
                 .toCompletableFuture()
                 .join();
 
@@ -520,7 +523,7 @@ void shouldSupportsSessionAuth(BoltProtocolVersion boltProtocolVersion, boolean
                 .willReturn(CompletableFuture.completedStage(connection));
 
         // when
-        var supports = provider.supportsSessionAuth(SecurityPlan.INSECURE, Collections.emptyMap())
+        var supports = provider.supportsSessionAuth(SecurityPlan.INSECURE, AuthTokens.custom(Collections.emptyMap()))
                 .toCompletableFuture()
                 .join();
 
@@ -576,7 +579,7 @@ void shouldThrowOnLowerVersion() {
         provider.connect(
                         securityPlan,
                         databaseName,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         mode,
                         bookmarks,
                         null,
@@ -594,7 +597,7 @@ void shouldThrowOnLowerVersion() {
         var future = provider.connect(
                         securityPlan,
                         databaseName,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         mode,
                         bookmarks,
                         null,
@@ -638,7 +641,7 @@ void shouldTestMaxLifetime() {
         provider.connect(
                         securityPlan,
                         databaseName,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         mode,
                         bookmarks,
                         null,
@@ -657,7 +660,7 @@ void shouldTestMaxLifetime() {
         var anotherConnection = provider.connect(
                         securityPlan,
                         databaseName,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         mode,
                         bookmarks,
                         null,
@@ -687,10 +690,10 @@ void shouldTestLiveness() {
             handler.onComplete();
             return CompletableFuture.completedStage(null);
         });
-        var authData = mock(AuthData.class);
-        given(authData.authAckMillis()).willReturn(0L);
-        given(authData.authMap()).willReturn(Collections.emptyMap());
-        given(connection.authData()).willReturn(CompletableFuture.completedStage(authData));
+        var authInfo = mock(AuthInfo.class);
+        given(authInfo.authAckMillis()).willReturn(0L);
+        given(authInfo.authToken()).willReturn(AuthTokens.custom(Collections.emptyMap()));
+        given(connection.authInfo()).willReturn(CompletableFuture.completedStage(authInfo));
         given(upstreamProvider.connect(
                         eq(securityPlan),
                         eq(databaseName),
@@ -706,7 +709,7 @@ void shouldTestLiveness() {
         provider.connect(
                         securityPlan,
                         databaseName,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         mode,
                         bookmarks,
                         null,
@@ -725,7 +728,7 @@ void shouldTestLiveness() {
         var actualConnection = provider.connect(
                         securityPlan,
                         databaseName,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         mode,
                         bookmarks,
                         null,
@@ -756,14 +759,15 @@ void shouldPipelineReauth() {
         });
         given(connection.logoff()).willReturn(CompletableFuture.completedStage(connection));
         var authMap = Map.of("key", mock(Value.class));
-        given(connection.logon(authMap)).willReturn(CompletableFuture.completedStage(connection));
-        var authData = mock(AuthData.class);
-        given(authData.authAckMillis()).willReturn(0L);
-        given(authData.authMap()).willReturn(Collections.emptyMap());
-        given(connection.authData()).willReturn(CompletableFuture.completedStage(authData));
-        given(authMapStageSupplier.get())
-                .willReturn(CompletableFuture.completedStage(Collections.emptyMap()))
-                .willReturn(CompletableFuture.completedStage(authMap));
+        var authToken = AuthTokens.custom(authMap);
+        given(connection.logon(authToken)).willReturn(CompletableFuture.completedStage(connection));
+        var authInfo = mock(AuthInfo.class);
+        given(authInfo.authAckMillis()).willReturn(0L);
+        given(authInfo.authToken()).willReturn(AuthTokens.custom(Collections.emptyMap()));
+        given(connection.authInfo()).willReturn(CompletableFuture.completedStage(authInfo));
+        given(authTokenStageSupplier.get())
+                .willReturn(CompletableFuture.completedStage(AuthTokens.custom(Collections.emptyMap())))
+                .willReturn(CompletableFuture.completedStage(authToken));
         given(upstreamProvider.connect(
                         eq(securityPlan),
                         eq(databaseName),
@@ -779,7 +783,7 @@ void shouldPipelineReauth() {
         provider.connect(
                         securityPlan,
                         databaseName,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         mode,
                         bookmarks,
                         null,
@@ -797,7 +801,7 @@ void shouldPipelineReauth() {
         var actualConnection = provider.connect(
                         securityPlan,
                         databaseName,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         mode,
                         bookmarks,
                         null,
@@ -811,6 +815,6 @@ void shouldPipelineReauth() {
         // then
         assertEquals(connection, ((PooledBoltConnection) actualConnection).delegate());
         then(connection).should().logoff();
-        then(connection).should().logon(authMap);
+        then(connection).should().logon(authToken);
     }
 }
diff --git a/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/Rediscovery.java b/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/Rediscovery.java
index ea887d7889..258de5c663 100644
--- a/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/Rediscovery.java
+++ b/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/Rediscovery.java
@@ -18,16 +18,15 @@
 
 import java.net.UnknownHostException;
 import java.util.List;
-import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.CompletionStage;
 import java.util.function.Function;
 import java.util.function.Supplier;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionProvider;
 import org.neo4j.driver.internal.bolt.api.BoltProtocolVersion;
 import org.neo4j.driver.internal.bolt.api.BoltServerAddress;
 import org.neo4j.driver.internal.bolt.api.SecurityPlan;
-import org.neo4j.driver.internal.bolt.api.values.Value;
 
 /**
  * Provides cluster composition lookup capabilities and initial router address resolution.
@@ -39,7 +38,7 @@ CompletionStage<ClusterCompositionLookupResult> lookupClusterComposition(
             Function<BoltServerAddress, BoltConnectionProvider> connectionProviderGetter,
             Set<String> bookmarks,
             String impersonatedUser,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             BoltProtocolVersion minVersion);
 
     List<BoltServerAddress> resolve() throws UnknownHostException;
diff --git a/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/RoutedBoltConnectionProvider.java b/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/RoutedBoltConnectionProvider.java
index af242d3e69..15b3b7f939 100644
--- a/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/RoutedBoltConnectionProvider.java
+++ b/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/RoutedBoltConnectionProvider.java
@@ -35,6 +35,7 @@
 import java.util.function.Supplier;
 import javax.net.ssl.SSLHandshakeException;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
 import org.neo4j.driver.internal.bolt.api.BoltAgent;
 import org.neo4j.driver.internal.bolt.api.BoltConnection;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionProvider;
@@ -51,7 +52,6 @@
 import org.neo4j.driver.internal.bolt.api.exception.BoltConnectionAcquisitionException;
 import org.neo4j.driver.internal.bolt.api.exception.BoltFailureException;
 import org.neo4j.driver.internal.bolt.api.exception.BoltServiceUnavailableException;
-import org.neo4j.driver.internal.bolt.api.values.Value;
 import org.neo4j.driver.internal.bolt.routedimpl.impl.AuthTokenManagerExecutionException;
 import org.neo4j.driver.internal.bolt.routedimpl.impl.RoutedBoltConnection;
 import org.neo4j.driver.internal.bolt.routedimpl.impl.cluster.RediscoveryImpl;
@@ -137,7 +137,7 @@ public synchronized CompletionStage<Void> init(
     public CompletionStage<BoltConnection> connect(
             SecurityPlan securityPlan,
             DatabaseName databaseName,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             AccessMode mode,
             Set<String> bookmarks,
             String impersonatedUser,
@@ -155,8 +155,8 @@ public CompletionStage<BoltConnection> connect(
             registry = this.registry;
         }
 
-        Supplier<CompletionStage<Map<String, Value>>> supplier =
-                () -> authMapStageSupplier.get().exceptionally(throwable -> {
+        Supplier<CompletionStage<AuthToken>> supplier =
+                () -> authTokenStageSupplier.get().exceptionally(throwable -> {
                     throw new AuthTokenManagerExecutionException(throwable);
                 });
 
@@ -208,12 +208,12 @@ public CompletionStage<BoltConnection> connect(
     }
 
     @Override
-    public CompletionStage<Void> verifyConnectivity(SecurityPlan securityPlan, Map<String, Value> authMap) {
+    public CompletionStage<Void> verifyConnectivity(SecurityPlan securityPlan, AuthToken authToken) {
         RoutingTableRegistry registry;
         synchronized (this) {
             registry = this.registry;
         }
-        return supportsMultiDb(securityPlan, authMap)
+        return supportsMultiDb(securityPlan, authToken)
                 .thenCompose(supports -> registry.ensureRoutingTable(
                         securityPlan,
                         supports
@@ -222,7 +222,7 @@ public CompletionStage<Void> verifyConnectivity(SecurityPlan securityPlan, Map<S
                         AccessMode.READ,
                         Collections.emptySet(),
                         null,
-                        () -> CompletableFuture.completedStage(authMap),
+                        () -> CompletableFuture.completedStage(authToken),
                         null,
                         null))
                 .handle((ignored, error) -> {
@@ -240,19 +240,19 @@ public CompletionStage<Void> verifyConnectivity(SecurityPlan securityPlan, Map<S
     }
 
     @Override
-    public CompletionStage<Boolean> supportsMultiDb(SecurityPlan securityPlan, Map<String, Value> authMap) {
+    public CompletionStage<Boolean> supportsMultiDb(SecurityPlan securityPlan, AuthToken authToken) {
         return detectFeature(
                 securityPlan,
-                authMap,
+                authToken,
                 "Failed to perform multi-databases feature detection with the following servers: ",
                 (boltConnection -> boltConnection.protocolVersion().compareTo(new BoltProtocolVersion(4, 0)) >= 0));
     }
 
     @Override
-    public CompletionStage<Boolean> supportsSessionAuth(SecurityPlan securityPlan, Map<String, Value> authMap) {
+    public CompletionStage<Boolean> supportsSessionAuth(SecurityPlan securityPlan, AuthToken authToken) {
         return detectFeature(
                 securityPlan,
-                authMap,
+                authToken,
                 "Failed to perform session auth feature detection with the following servers: ",
                 (boltConnection -> new BoltProtocolVersion(5, 1).compareTo(boltConnection.protocolVersion()) <= 0));
     }
@@ -271,7 +271,7 @@ private synchronized void shutdownUnusedProviders(Set<BoltServerAddress> address
 
     private CompletionStage<Boolean> detectFeature(
             SecurityPlan securityPlan,
-            Map<String, Value> authMap,
+            AuthToken authToken,
             String baseErrorMessagePrefix,
             Function<BoltConnection, Boolean> featureDetectionFunction) {
         Rediscovery rediscovery;
@@ -306,7 +306,7 @@ private CompletionStage<Boolean> detectFeature(
                         .connect(
                                 securityPlan,
                                 null,
-                                () -> CompletableFuture.completedStage(authMap),
+                                () -> CompletableFuture.completedStage(authToken),
                                 AccessMode.WRITE,
                                 Collections.emptySet(),
                                 null,
@@ -339,7 +339,7 @@ private CompletionStage<BoltConnection> acquire(
             SecurityPlan securityPlan,
             AccessMode mode,
             RoutingTable routingTable,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             DatabaseName database,
             Set<String> bookmarks,
             String impersonatedUser,
@@ -352,7 +352,7 @@ private CompletionStage<BoltConnection> acquire(
                 mode,
                 routingTable,
                 result,
-                authMapStageSupplier,
+                authTokenStageSupplier,
                 attemptExceptions,
                 database,
                 bookmarks,
@@ -367,7 +367,7 @@ private void acquire(
             AccessMode mode,
             RoutingTable routingTable,
             CompletableFuture<BoltConnection> result,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             List<Throwable> attemptErrors,
             DatabaseName database,
             Set<String> bookmarks,
@@ -392,7 +392,7 @@ private void acquire(
                 .connect(
                         securityPlan,
                         database,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         mode,
                         bookmarks,
                         impersonatedUser,
@@ -414,7 +414,7 @@ private void acquire(
                                     mode,
                                     routingTable,
                                     result,
-                                    authMapStageSupplier,
+                                    authTokenStageSupplier,
                                     attemptErrors,
                                     database,
                                     bookmarks,
diff --git a/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/RoutedBoltConnection.java b/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/RoutedBoltConnection.java
index 847a3b3337..dfdd4135bf 100644
--- a/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/RoutedBoltConnection.java
+++ b/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/RoutedBoltConnection.java
@@ -24,7 +24,8 @@
 import java.util.Set;
 import java.util.concurrent.CompletionStage;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
-import org.neo4j.driver.internal.bolt.api.AuthData;
+import org.neo4j.driver.internal.bolt.api.AuthInfo;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
 import org.neo4j.driver.internal.bolt.api.BoltConnection;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionState;
 import org.neo4j.driver.internal.bolt.api.BoltProtocolVersion;
@@ -164,8 +165,8 @@ public CompletionStage<BoltConnection> logoff() {
     }
 
     @Override
-    public CompletionStage<BoltConnection> logon(Map<String, Value> authMap) {
-        return delegate.logon(authMap).thenApply(ignored -> this);
+    public CompletionStage<BoltConnection> logon(AuthToken authToken) {
+        return delegate.logon(authToken).thenApply(ignored -> this);
     }
 
     @Override
@@ -278,8 +279,8 @@ public BoltConnectionState state() {
     }
 
     @Override
-    public CompletionStage<AuthData> authData() {
-        return delegate.authData();
+    public CompletionStage<AuthInfo> authInfo() {
+        return delegate.authInfo();
     }
 
     @Override
diff --git a/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RediscoveryImpl.java b/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RediscoveryImpl.java
index e8ef7209c7..29769041f2 100644
--- a/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RediscoveryImpl.java
+++ b/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RediscoveryImpl.java
@@ -27,7 +27,6 @@
 import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.List;
-import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CompletionException;
@@ -37,6 +36,7 @@
 import java.util.function.Supplier;
 import javax.net.ssl.SSLHandshakeException;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
 import org.neo4j.driver.internal.bolt.api.BoltConnection;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionProvider;
 import org.neo4j.driver.internal.bolt.api.BoltProtocolVersion;
@@ -53,7 +53,6 @@
 import org.neo4j.driver.internal.bolt.api.exception.BoltUnsupportedFeatureException;
 import org.neo4j.driver.internal.bolt.api.exception.MinVersionAcquisitionException;
 import org.neo4j.driver.internal.bolt.api.summary.RouteSummary;
-import org.neo4j.driver.internal.bolt.api.values.Value;
 import org.neo4j.driver.internal.bolt.routedimpl.ClusterCompositionLookupResult;
 import org.neo4j.driver.internal.bolt.routedimpl.Rediscovery;
 import org.neo4j.driver.internal.bolt.routedimpl.RoutingTable;
@@ -98,7 +97,7 @@ public CompletionStage<ClusterCompositionLookupResult> lookupClusterComposition(
             Function<BoltServerAddress, BoltConnectionProvider> connectionProviderGetter,
             Set<String> bookmarks,
             String impersonatedUser,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             BoltProtocolVersion minVersion) {
         var result = new CompletableFuture<ClusterCompositionLookupResult>();
         // if we failed discovery, we will chain all errors into this one.
@@ -111,7 +110,7 @@ public CompletionStage<ClusterCompositionLookupResult> lookupClusterComposition(
                 result,
                 bookmarks,
                 impersonatedUser,
-                authMapStageSupplier,
+                authTokenStageSupplier,
                 minVersion,
                 baseError);
         return result;
@@ -124,7 +123,7 @@ private void lookupClusterComposition(
             CompletableFuture<ClusterCompositionLookupResult> result,
             Set<String> bookmarks,
             String impersonatedUser,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplierp,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             BoltProtocolVersion minVersion,
             Throwable baseError) {
         lookup(
@@ -133,7 +132,7 @@ private void lookupClusterComposition(
                         connectionProviderGetter,
                         bookmarks,
                         impersonatedUser,
-                        authMapStageSupplierp,
+                        authTokenStageSupplier,
                         minVersion,
                         baseError)
                 .whenComplete((compositionLookupResult, completionError) -> {
@@ -154,7 +153,7 @@ private CompletionStage<ClusterCompositionLookupResult> lookup(
             Function<BoltServerAddress, BoltConnectionProvider> connectionProviderGetter,
             Set<String> bookmarks,
             String impersonatedUser,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             BoltProtocolVersion minVersion,
             Throwable baseError) {
         CompletionStage<ClusterCompositionLookupResult> compositionStage;
@@ -166,7 +165,7 @@ private CompletionStage<ClusterCompositionLookupResult> lookup(
                     connectionProviderGetter,
                     bookmarks,
                     impersonatedUser,
-                    authMapStageSupplier,
+                    authTokenStageSupplier,
                     minVersion,
                     baseError);
         } else {
@@ -176,7 +175,7 @@ private CompletionStage<ClusterCompositionLookupResult> lookup(
                     connectionProviderGetter,
                     bookmarks,
                     impersonatedUser,
-                    authMapStageSupplier,
+                    authTokenStageSupplier,
                     minVersion,
                     baseError);
         }
@@ -190,7 +189,7 @@ private CompletionStage<ClusterCompositionLookupResult> lookupOnKnownRoutersThen
             Function<BoltServerAddress, BoltConnectionProvider> connectionProviderGetter,
             Set<String> bookmarks,
             String impersonatedUser,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             BoltProtocolVersion minVersion,
             Throwable baseError) {
         Set<BoltServerAddress> seenServers = new HashSet<>();
@@ -201,7 +200,7 @@ private CompletionStage<ClusterCompositionLookupResult> lookupOnKnownRoutersThen
                         seenServers,
                         bookmarks,
                         impersonatedUser,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         minVersion,
                         baseError)
                 .thenCompose(compositionLookupResult -> {
@@ -215,7 +214,7 @@ private CompletionStage<ClusterCompositionLookupResult> lookupOnKnownRoutersThen
                             seenServers,
                             bookmarks,
                             impersonatedUser,
-                            authMapStageSupplier,
+                            authTokenStageSupplier,
                             minVersion,
                             baseError);
                 });
@@ -227,7 +226,7 @@ private CompletionStage<ClusterCompositionLookupResult> lookupOnInitialRouterThe
             Function<BoltServerAddress, BoltConnectionProvider> connectionProviderGetter,
             Set<String> bookmarks,
             String impersonatedUser,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             BoltProtocolVersion minVersion,
             Throwable baseError) {
         Set<BoltServerAddress> seenServers = emptySet();
@@ -238,7 +237,7 @@ private CompletionStage<ClusterCompositionLookupResult> lookupOnInitialRouterThe
                         seenServers,
                         bookmarks,
                         impersonatedUser,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         minVersion,
                         baseError)
                 .thenCompose(compositionLookupResult -> {
@@ -252,7 +251,7 @@ private CompletionStage<ClusterCompositionLookupResult> lookupOnInitialRouterThe
                             new HashSet<>(),
                             bookmarks,
                             impersonatedUser,
-                            authMapStageSupplier,
+                            authTokenStageSupplier,
                             minVersion,
                             baseError);
                 });
@@ -265,7 +264,7 @@ private CompletionStage<ClusterCompositionLookupResult> lookupOnKnownRouters(
             Set<BoltServerAddress> seenServers,
             Set<String> bookmarks,
             String impersonatedUser,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             BoltProtocolVersion minVersion,
             Throwable baseError) {
         CompletableFuture<ClusterComposition> result = CompletableFuture.completedFuture(null);
@@ -283,7 +282,7 @@ private CompletionStage<ClusterCompositionLookupResult> lookupOnKnownRouters(
                             seenServers,
                             bookmarks,
                             impersonatedUser,
-                            authMapStageSupplier,
+                            authTokenStageSupplier,
                             minVersion,
                             baseError);
                 }
@@ -300,7 +299,7 @@ private CompletionStage<ClusterCompositionLookupResult> lookupOnInitialRouter(
             Set<BoltServerAddress> seenServers,
             Set<String> bookmarks,
             String impersonatedUser,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             BoltProtocolVersion minVersion,
             Throwable baseError) {
         List<BoltServerAddress> resolvedRouters;
@@ -327,7 +326,7 @@ private CompletionStage<ClusterCompositionLookupResult> lookupOnInitialRouter(
                         null,
                         bookmarks,
                         impersonatedUser,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         minVersion,
                         baseError);
             });
@@ -345,7 +344,7 @@ private CompletionStage<ClusterComposition> lookupOnRouter(
             Set<BoltServerAddress> seenServers,
             Set<String> bookmarks,
             String impersonatedUser,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             BoltProtocolVersion minVersion,
             Throwable baseError) {
         var addressFuture = CompletableFuture.completedFuture(routerAddress);
@@ -363,7 +362,7 @@ private CompletionStage<ClusterComposition> lookupOnRouter(
                         .connect(
                                 securityPlan,
                                 null,
-                                authMapStageSupplier,
+                                authTokenStageSupplier,
                                 AccessMode.READ,
                                 bookmarks,
                                 null,
diff --git a/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableHandler.java b/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableHandler.java
index de3832b7b7..7082510be6 100644
--- a/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableHandler.java
+++ b/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableHandler.java
@@ -16,15 +16,14 @@
  */
 package org.neo4j.driver.internal.bolt.routedimpl.impl.cluster;
 
-import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.CompletionStage;
 import java.util.function.Supplier;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
 import org.neo4j.driver.internal.bolt.api.BoltProtocolVersion;
 import org.neo4j.driver.internal.bolt.api.BoltServerAddress;
 import org.neo4j.driver.internal.bolt.api.SecurityPlan;
-import org.neo4j.driver.internal.bolt.api.values.Value;
 import org.neo4j.driver.internal.bolt.routedimpl.ClusterCompositionLookupResult;
 import org.neo4j.driver.internal.bolt.routedimpl.RoutingTable;
 
@@ -37,7 +36,7 @@ CompletionStage<RoutingTable> ensureRoutingTable(
             SecurityPlan securityPlan,
             AccessMode mode,
             Set<String> rediscoveryBookmarks,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             BoltProtocolVersion minVersion);
 
     CompletionStage<RoutingTable> updateRoutingTable(ClusterCompositionLookupResult compositionLookupResult);
diff --git a/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableHandlerImpl.java b/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableHandlerImpl.java
index 487cffae97..abf5970216 100644
--- a/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableHandlerImpl.java
+++ b/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableHandlerImpl.java
@@ -20,7 +20,6 @@
 
 import java.util.HashSet;
 import java.util.LinkedHashSet;
-import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CompletionStage;
@@ -28,13 +27,13 @@
 import java.util.function.Function;
 import java.util.function.Supplier;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionProvider;
 import org.neo4j.driver.internal.bolt.api.BoltProtocolVersion;
 import org.neo4j.driver.internal.bolt.api.BoltServerAddress;
 import org.neo4j.driver.internal.bolt.api.DatabaseName;
 import org.neo4j.driver.internal.bolt.api.LoggingProvider;
 import org.neo4j.driver.internal.bolt.api.SecurityPlan;
-import org.neo4j.driver.internal.bolt.api.values.Value;
 import org.neo4j.driver.internal.bolt.routedimpl.ClusterCompositionLookupResult;
 import org.neo4j.driver.internal.bolt.routedimpl.Rediscovery;
 import org.neo4j.driver.internal.bolt.routedimpl.RoutingTable;
@@ -86,7 +85,7 @@ public synchronized CompletionStage<RoutingTable> ensureRoutingTable(
             SecurityPlan securityPlan,
             AccessMode mode,
             Set<String> rediscoveryBookmarks,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             BoltProtocolVersion minVersion) {
         if (refreshRoutingTableFuture != null) {
             // refresh is already happening concurrently, just use it's result
@@ -109,7 +108,7 @@ public synchronized CompletionStage<RoutingTable> ensureRoutingTable(
                             connectionProviderGetter,
                             rediscoveryBookmarks,
                             null,
-                            authMapStageSupplier,
+                            authTokenStageSupplier,
                             minVersion)
                     .whenComplete((composition, completionError) -> {
                         var error = FutureUtil.completionExceptionCause(completionError);
diff --git a/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableRegistry.java b/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableRegistry.java
index 38adaf28d9..2d6d4ea044 100644
--- a/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableRegistry.java
+++ b/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableRegistry.java
@@ -16,18 +16,17 @@
  */
 package org.neo4j.driver.internal.bolt.routedimpl.impl.cluster;
 
-import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CompletionStage;
 import java.util.function.Supplier;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
 import org.neo4j.driver.internal.bolt.api.BoltProtocolVersion;
 import org.neo4j.driver.internal.bolt.api.BoltServerAddress;
 import org.neo4j.driver.internal.bolt.api.DatabaseName;
 import org.neo4j.driver.internal.bolt.api.SecurityPlan;
-import org.neo4j.driver.internal.bolt.api.values.Value;
 
 /**
  * A generic interface to access all routing tables as a whole.
@@ -45,7 +44,7 @@ CompletionStage<RoutingTableHandler> ensureRoutingTable(
             AccessMode mode,
             Set<String> rediscoveryBookmarks,
             String impersonatedUser,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             BoltProtocolVersion minVersion,
             String homeDatabaseHint);
 
diff --git a/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableRegistryImpl.java b/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableRegistryImpl.java
index 7bafffdfaa..3b7c375b10 100644
--- a/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableRegistryImpl.java
+++ b/bolt-api-routed/src/main/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableRegistryImpl.java
@@ -34,6 +34,7 @@
 import java.util.function.Supplier;
 import java.util.stream.Collectors;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionProvider;
 import org.neo4j.driver.internal.bolt.api.BoltProtocolVersion;
 import org.neo4j.driver.internal.bolt.api.BoltServerAddress;
@@ -41,7 +42,6 @@
 import org.neo4j.driver.internal.bolt.api.DatabaseNameUtil;
 import org.neo4j.driver.internal.bolt.api.LoggingProvider;
 import org.neo4j.driver.internal.bolt.api.SecurityPlan;
-import org.neo4j.driver.internal.bolt.api.values.Value;
 import org.neo4j.driver.internal.bolt.routedimpl.Rediscovery;
 import org.neo4j.driver.internal.bolt.routedimpl.impl.util.FutureUtil;
 
@@ -102,7 +102,7 @@ public CompletionStage<RoutingTableHandler> ensureRoutingTable(
             AccessMode mode,
             Set<String> rediscoveryBookmarks,
             String impersonatedUser,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             BoltProtocolVersion minVersion,
             String homeDatabaseHint) {
         if (!databaseNameFuture.isDone()) {
@@ -119,7 +119,7 @@ public CompletionStage<RoutingTableHandler> ensureRoutingTable(
                         mode,
                         rediscoveryBookmarks,
                         impersonatedUser,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         minVersion)
                 .thenCompose(ctxAndHandler -> {
                     var handler = ctxAndHandler.handler() != null
@@ -127,7 +127,7 @@ public CompletionStage<RoutingTableHandler> ensureRoutingTable(
                             : getOrCreate(FutureUtil.joinNowOrElseThrow(
                                     ctxAndHandler.databaseNameFuture(), PENDING_DATABASE_NAME_EXCEPTION_SUPPLIER));
                     return handler.ensureRoutingTable(
-                                    securityPlan, mode, rediscoveryBookmarks, authMapStageSupplier, minVersion)
+                                    securityPlan, mode, rediscoveryBookmarks, authTokenStageSupplier, minVersion)
                             .thenApply(ignored -> handler);
                 });
     }
@@ -138,7 +138,7 @@ private CompletionStage<ConnectionContextAndHandler> ensureDatabaseNameIsComplet
             AccessMode mode,
             Set<String> rediscoveryBookmarks,
             String impersonatedUser,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             BoltProtocolVersion minVersion) {
         CompletionStage<ConnectionContextAndHandler> contextAndHandlerStage;
 
@@ -168,7 +168,7 @@ private CompletionStage<ConnectionContextAndHandler> ensureDatabaseNameIsComplet
                                         connectionProviderGetter,
                                         rediscoveryBookmarks,
                                         impersonatedUser,
-                                        authMapStageSupplier,
+                                        authTokenStageSupplier,
                                         minVersion)
                                 .thenCompose(compositionLookupResult -> {
                                     var databaseName = DatabaseNameUtil.database(compositionLookupResult
diff --git a/bolt-api-routed/src/test/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableHandlerTest.java b/bolt-api-routed/src/test/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableHandlerTest.java
index 909fb19ea3..2a9e4369b9 100644
--- a/bolt-api-routed/src/test/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableHandlerTest.java
+++ b/bolt-api-routed/src/test/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableHandlerTest.java
@@ -46,7 +46,6 @@
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.LinkedHashSet;
-import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
 import java.util.concurrent.CompletableFuture;
@@ -58,6 +57,8 @@
 import org.junit.jupiter.api.Test;
 import org.mockito.Mockito;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
+import org.neo4j.driver.internal.bolt.api.AuthTokens;
 import org.neo4j.driver.internal.bolt.api.BoltConnection;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionProvider;
 import org.neo4j.driver.internal.bolt.api.BoltProtocolVersion;
@@ -66,7 +67,6 @@
 import org.neo4j.driver.internal.bolt.api.DatabaseName;
 import org.neo4j.driver.internal.bolt.api.SecurityPlan;
 import org.neo4j.driver.internal.bolt.api.exception.BoltServiceUnavailableException;
-import org.neo4j.driver.internal.bolt.api.values.Value;
 import org.neo4j.driver.internal.bolt.routedimpl.ClusterCompositionLookupResult;
 import org.neo4j.driver.internal.bolt.routedimpl.Rediscovery;
 import org.neo4j.driver.internal.bolt.routedimpl.RoutingTable;
@@ -123,7 +123,7 @@ void acquireShouldUpdateRoutingTableWhenKnownRoutingTableIsStale() {
                         SecurityPlan.INSECURE,
                         READ,
                         Collections.emptySet(),
-                        () -> CompletableFuture.completedStage(Collections.emptyMap()),
+                        () -> CompletableFuture.completedStage(AuthTokens.custom(Collections.emptyMap())),
                         new BoltProtocolVersion(4, 1))
                 .toCompletableFuture()
                 .join());
@@ -179,7 +179,7 @@ public CompletionStage<RoutingTableHandler> ensureRoutingTable(
                     AccessMode mode,
                     Set<String> rediscoveryBookmarks,
                     String impersonatedUser,
-                    Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+                    Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
                     BoltProtocolVersion minVersion,
                     String homeDatabaseHint) {
                 throw new UnsupportedOperationException();
@@ -212,7 +212,7 @@ public Optional<RoutingTableHandler> getRoutingTableHandler(DatabaseName databas
                         SecurityPlan.INSECURE,
                         READ,
                         Collections.emptySet(),
-                        () -> CompletableFuture.completedStage(Collections.emptyMap()),
+                        () -> CompletableFuture.completedStage(AuthTokens.custom(Collections.emptyMap())),
                         new BoltProtocolVersion(4, 1))
                 .toCompletableFuture()
                 .join();
@@ -239,7 +239,7 @@ void shouldRemoveRoutingTableHandlerIfFailedToLookup() {
                         SecurityPlan.INSECURE,
                         READ,
                         Collections.emptySet(),
-                        () -> CompletableFuture.completedStage(Collections.emptyMap()),
+                        () -> CompletableFuture.completedStage(AuthTokens.custom(Collections.emptyMap())),
                         new BoltProtocolVersion(4, 1))
                 .toCompletableFuture()
                 .join());
@@ -266,7 +266,7 @@ private void testRediscoveryWhenStale(AccessMode mode) {
                         SecurityPlan.INSECURE,
                         mode,
                         Collections.emptySet(),
-                        () -> CompletableFuture.completedStage(Collections.emptyMap()),
+                        () -> CompletableFuture.completedStage(AuthTokens.custom(Collections.emptyMap())),
                         new BoltProtocolVersion(4, 1))
                 .toCompletableFuture()
                 .join();
@@ -297,7 +297,7 @@ private void testNoRediscoveryWhenNotStale(AccessMode staleMode, AccessMode notS
                         SecurityPlan.INSECURE,
                         notStaleMode,
                         Collections.emptySet(),
-                        () -> CompletableFuture.completedStage(Collections.emptyMap()),
+                        () -> CompletableFuture.completedStage(AuthTokens.custom(Collections.emptyMap())),
                         new BoltProtocolVersion(4, 1))
                 .toCompletableFuture()
                 .join());
diff --git a/bolt-api-routed/src/test/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableRegistryImplTest.java b/bolt-api-routed/src/test/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableRegistryImplTest.java
index ca35a7397c..4c258d011b 100644
--- a/bolt-api-routed/src/test/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableRegistryImplTest.java
+++ b/bolt-api-routed/src/test/java/org/neo4j/driver/internal/bolt/routedimpl/impl/cluster/RoutingTableRegistryImplTest.java
@@ -40,7 +40,6 @@
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
-import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CompletionStage;
@@ -53,11 +52,12 @@
 import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.Mockito;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
+import org.neo4j.driver.internal.bolt.api.AuthTokens;
 import org.neo4j.driver.internal.bolt.api.BoltProtocolVersion;
 import org.neo4j.driver.internal.bolt.api.BoltServerAddress;
 import org.neo4j.driver.internal.bolt.api.DatabaseName;
 import org.neo4j.driver.internal.bolt.api.SecurityPlan;
-import org.neo4j.driver.internal.bolt.api.values.Value;
 import org.neo4j.driver.internal.bolt.routedimpl.Rediscovery;
 import org.neo4j.driver.internal.bolt.routedimpl.RoutingTable;
 import org.neo4j.driver.internal.bolt.routedimpl.impl.NoopLoggingProvider;
@@ -105,7 +105,7 @@ void shouldCreateRoutingTableHandlerIfAbsentWhenFreshRoutingTable(String databas
                 AccessMode.READ,
                 Collections.emptySet(),
                 null,
-                () -> CompletableFuture.completedStage(Collections.emptyMap()),
+                () -> CompletableFuture.completedStage(AuthTokens.custom(Collections.emptyMap())),
                 new BoltProtocolVersion(4, 1),
                 null);
 
@@ -125,8 +125,8 @@ void shouldReturnExistingRoutingTableHandlerWhenFreshRoutingTable(String databas
 
         var factory = mockedHandlerFactory();
         var routingTables = newRoutingTables(map, factory);
-        Supplier<CompletionStage<Map<String, Value>>> authStageSupplier =
-                () -> CompletableFuture.completedStage(Collections.emptyMap());
+        Supplier<CompletionStage<AuthToken>> authStageSupplier =
+                () -> CompletableFuture.completedStage(AuthTokens.custom(Collections.emptyMap()));
 
         // When
         var actual = routingTables
@@ -163,8 +163,8 @@ void shouldReturnFreshRoutingTable(AccessMode mode) {
         var factory = mockedHandlerFactory(handler);
         var routingTables = new RoutingTableRegistryImpl(
                 map, factory, null, null, Mockito.mock(Rediscovery.class), NoopLoggingProvider.INSTANCE);
-        Supplier<CompletionStage<Map<String, Value>>> authStageSupplier =
-                () -> CompletableFuture.completedStage(Collections.emptyMap());
+        Supplier<CompletionStage<AuthToken>> authStageSupplier =
+                () -> CompletableFuture.completedStage(AuthTokens.custom(Collections.emptyMap()));
 
         // When
         routingTables
diff --git a/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/AuthInfo.java b/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/AuthInfo.java
new file mode 100644
index 0000000000..d47380b58a
--- /dev/null
+++ b/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/AuthInfo.java
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) "Neo4j"
+ * Neo4j Sweden AB [https://neo4j.com]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.neo4j.driver.internal.bolt.api;
+
+public interface AuthInfo {
+    AuthToken authToken();
+
+    long authAckMillis();
+}
diff --git a/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/AuthData.java b/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/AuthToken.java
similarity index 89%
rename from bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/AuthData.java
rename to bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/AuthToken.java
index 04d9f40156..349965e152 100644
--- a/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/AuthData.java
+++ b/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/AuthToken.java
@@ -19,8 +19,6 @@
 import java.util.Map;
 import org.neo4j.driver.internal.bolt.api.values.Value;
 
-public interface AuthData {
-    Map<String, Value> authMap();
-
-    long authAckMillis();
+public sealed interface AuthToken permits AuthTokenImpl {
+    Map<String, Value> asMap();
 }
diff --git a/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/AuthTokenImpl.java b/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/AuthTokenImpl.java
new file mode 100644
index 0000000000..a4e309caca
--- /dev/null
+++ b/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/AuthTokenImpl.java
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) "Neo4j"
+ * Neo4j Sweden AB [https://neo4j.com]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.neo4j.driver.internal.bolt.api;
+
+import java.util.Map;
+import org.neo4j.driver.internal.bolt.api.values.Value;
+
+record AuthTokenImpl(Map<String, Value> map) implements AuthToken {
+    @Override
+    public Map<String, Value> asMap() {
+        return map;
+    }
+}
diff --git a/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/AuthTokens.java b/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/AuthTokens.java
new file mode 100644
index 0000000000..2d68ed2c90
--- /dev/null
+++ b/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/AuthTokens.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) "Neo4j"
+ * Neo4j Sweden AB [https://neo4j.com]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.neo4j.driver.internal.bolt.api;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+import org.neo4j.driver.internal.bolt.api.values.Value;
+import org.neo4j.driver.internal.bolt.api.values.ValueFactory;
+
+public final class AuthTokens {
+    private static final String SCHEME_KEY = "scheme";
+    private static final String PRINCIPAL_KEY = "principal";
+    private static final String CREDENTIALS_KEY = "credentials";
+    private static final String REALM_KEY = "realm";
+    private static final String PARAMETERS_KEY = "parameters";
+
+    private AuthTokens() {}
+
+    public static AuthToken basic(String username, String password, String realm, ValueFactory valueFactory) {
+        Objects.requireNonNull(username);
+        Objects.requireNonNull(password);
+        Objects.requireNonNull(valueFactory);
+
+        var map = new HashMap<String, Value>(4);
+        map.put(SCHEME_KEY, valueFactory.value("basic"));
+        map.put(PRINCIPAL_KEY, valueFactory.value(username));
+        map.put(CREDENTIALS_KEY, valueFactory.value(password));
+        if (realm != null) {
+            map.put(REALM_KEY, valueFactory.value(realm));
+        }
+        return new AuthTokenImpl(Collections.unmodifiableMap(map));
+    }
+
+    public static AuthToken bearer(String token, ValueFactory valueFactory) {
+        Objects.requireNonNull(token);
+        Objects.requireNonNull(valueFactory);
+
+        var map = new HashMap<String, Value>(2);
+        map.put(SCHEME_KEY, valueFactory.value("bearer"));
+        map.put(CREDENTIALS_KEY, valueFactory.value(token));
+        return new AuthTokenImpl(Collections.unmodifiableMap(map));
+    }
+
+    public static AuthToken kerberos(String base64EncodedTicket, ValueFactory valueFactory) {
+        Objects.requireNonNull(base64EncodedTicket);
+        Objects.requireNonNull(valueFactory);
+
+        var map = new HashMap<String, Value>(3);
+        map.put(SCHEME_KEY, valueFactory.value("kerberos"));
+        map.put(PRINCIPAL_KEY, valueFactory.value("")); // This empty string is required for backwards compatibility.
+        map.put(CREDENTIALS_KEY, valueFactory.value(base64EncodedTicket));
+        return new AuthTokenImpl(Collections.unmodifiableMap(map));
+    }
+
+    public static AuthToken none(ValueFactory valueFactory) {
+        Objects.requireNonNull(valueFactory);
+
+        return new AuthTokenImpl(Collections.singletonMap(SCHEME_KEY, valueFactory.value("none")));
+    }
+
+    public static AuthToken custom(Map<String, Value> map) {
+        Objects.requireNonNull(map);
+
+        return new AuthTokenImpl(Collections.unmodifiableMap(map));
+    }
+}
diff --git a/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/BoltConnection.java b/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/BoltConnection.java
index edf2d6100e..bef1f51120 100644
--- a/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/BoltConnection.java
+++ b/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/BoltConnection.java
@@ -63,7 +63,7 @@ CompletionStage<BoltConnection> runInAutoCommitTransaction(
 
     CompletionStage<BoltConnection> logoff();
 
-    CompletionStage<BoltConnection> logon(Map<String, Value> authMap);
+    CompletionStage<BoltConnection> logon(AuthToken authToken);
 
     CompletionStage<BoltConnection> telemetry(TelemetryApi telemetryApi);
 
@@ -79,7 +79,7 @@ CompletionStage<BoltConnection> runInAutoCommitTransaction(
 
     BoltConnectionState state();
 
-    CompletionStage<AuthData> authData();
+    CompletionStage<AuthInfo> authInfo();
 
     // ----- IMMUTABLE DATA -----
 
diff --git a/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/BoltConnectionProvider.java b/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/BoltConnectionProvider.java
index 4ad17afeff..3842951156 100644
--- a/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/BoltConnectionProvider.java
+++ b/bolt-api/src/main/java/org/neo4j/driver/internal/bolt/api/BoltConnectionProvider.java
@@ -21,7 +21,6 @@
 import java.util.concurrent.CompletionStage;
 import java.util.function.Consumer;
 import java.util.function.Supplier;
-import org.neo4j.driver.internal.bolt.api.values.Value;
 
 public interface BoltConnectionProvider {
     CompletionStage<Void> init(
@@ -35,7 +34,7 @@ CompletionStage<Void> init(
     CompletionStage<BoltConnection> connect(
             SecurityPlan securityPlan,
             DatabaseName databaseName,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             AccessMode mode,
             Set<String> bookmarks,
             String impersonatedUser,
@@ -44,11 +43,11 @@ CompletionStage<BoltConnection> connect(
             Consumer<DatabaseName> databaseNameConsumer,
             Map<String, Object> additionalParameters);
 
-    CompletionStage<Void> verifyConnectivity(SecurityPlan securityPlan, Map<String, Value> authMap);
+    CompletionStage<Void> verifyConnectivity(SecurityPlan securityPlan, AuthToken authToken);
 
-    CompletionStage<Boolean> supportsMultiDb(SecurityPlan securityPlan, Map<String, Value> authMap);
+    CompletionStage<Boolean> supportsMultiDb(SecurityPlan securityPlan, AuthToken authToken);
 
-    CompletionStage<Boolean> supportsSessionAuth(SecurityPlan securityPlan, Map<String, Value> authMap);
+    CompletionStage<Boolean> supportsSessionAuth(SecurityPlan securityPlan, AuthToken authToken);
 
     CompletionStage<Void> close();
 }
diff --git a/driver/src/main/java/org/neo4j/driver/internal/adaptedbolt/AdaptingDriverBoltConnection.java b/driver/src/main/java/org/neo4j/driver/internal/adaptedbolt/AdaptingDriverBoltConnection.java
index e6ab52fe3d..f7ad0fe856 100644
--- a/driver/src/main/java/org/neo4j/driver/internal/adaptedbolt/AdaptingDriverBoltConnection.java
+++ b/driver/src/main/java/org/neo4j/driver/internal/adaptedbolt/AdaptingDriverBoltConnection.java
@@ -23,7 +23,8 @@
 import java.util.concurrent.CompletionStage;
 import org.neo4j.driver.Value;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
-import org.neo4j.driver.internal.bolt.api.AuthData;
+import org.neo4j.driver.internal.bolt.api.AuthInfo;
+import org.neo4j.driver.internal.bolt.api.AuthTokens;
 import org.neo4j.driver.internal.bolt.api.BoltConnection;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionState;
 import org.neo4j.driver.internal.bolt.api.BoltProtocolVersion;
@@ -159,7 +160,7 @@ public CompletionStage<DriverBoltConnection> logoff() {
     @Override
     public CompletionStage<DriverBoltConnection> logon(Map<String, Value> authMap) {
         return connection
-                .logon(boltValueFactory.toBoltMap(authMap))
+                .logon(AuthTokens.custom(boltValueFactory.toBoltMap(authMap)))
                 .exceptionally(errorMapper::mapAndTrow)
                 .thenApply(ignored -> this);
     }
@@ -200,8 +201,8 @@ public BoltConnectionState state() {
     }
 
     @Override
-    public CompletionStage<AuthData> authData() {
-        return connection.authData().exceptionally(errorMapper::mapAndTrow);
+    public CompletionStage<AuthInfo> authData() {
+        return connection.authInfo().exceptionally(errorMapper::mapAndTrow);
     }
 
     @Override
diff --git a/driver/src/main/java/org/neo4j/driver/internal/adaptedbolt/AdaptingDriverBoltConnectionProvider.java b/driver/src/main/java/org/neo4j/driver/internal/adaptedbolt/AdaptingDriverBoltConnectionProvider.java
index bd612095a6..8a549020a0 100644
--- a/driver/src/main/java/org/neo4j/driver/internal/adaptedbolt/AdaptingDriverBoltConnectionProvider.java
+++ b/driver/src/main/java/org/neo4j/driver/internal/adaptedbolt/AdaptingDriverBoltConnectionProvider.java
@@ -24,6 +24,7 @@
 import java.util.function.Supplier;
 import org.neo4j.driver.Value;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
+import org.neo4j.driver.internal.bolt.api.AuthTokens;
 import org.neo4j.driver.internal.bolt.api.BoltAgent;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionProvider;
 import org.neo4j.driver.internal.bolt.api.BoltProtocolVersion;
@@ -79,7 +80,9 @@ public CompletionStage<DriverBoltConnection> connect(
         return delegate.connect(
                         securityPlan,
                         databaseName,
-                        () -> authMapStageSupplier.get().thenApply(boltValueFactory::toBoltMap),
+                        () -> authMapStageSupplier
+                                .get()
+                                .thenApply(map -> AuthTokens.custom(boltValueFactory.toBoltMap(map))),
                         mode,
                         bookmarks,
                         impersonatedUser,
@@ -96,19 +99,19 @@ public CompletionStage<DriverBoltConnection> connect(
 
     @Override
     public CompletionStage<Void> verifyConnectivity(SecurityPlan securityPlan, Map<String, Value> authMap) {
-        return delegate.verifyConnectivity(securityPlan, boltValueFactory.toBoltMap(authMap))
+        return delegate.verifyConnectivity(securityPlan, AuthTokens.custom(boltValueFactory.toBoltMap(authMap)))
                 .exceptionally(errorMapper::mapAndTrow);
     }
 
     @Override
     public CompletionStage<Boolean> supportsMultiDb(SecurityPlan securityPlan, Map<String, Value> authMap) {
-        return delegate.supportsMultiDb(securityPlan, boltValueFactory.toBoltMap(authMap))
+        return delegate.supportsMultiDb(securityPlan, AuthTokens.custom(boltValueFactory.toBoltMap(authMap)))
                 .exceptionally(errorMapper::mapAndTrow);
     }
 
     @Override
     public CompletionStage<Boolean> supportsSessionAuth(SecurityPlan securityPlan, Map<String, Value> authMap) {
-        return delegate.supportsSessionAuth(securityPlan, boltValueFactory.toBoltMap(authMap))
+        return delegate.supportsSessionAuth(securityPlan, AuthTokens.custom(boltValueFactory.toBoltMap(authMap)))
                 .exceptionally(errorMapper::mapAndTrow);
     }
 
diff --git a/driver/src/main/java/org/neo4j/driver/internal/adaptedbolt/DriverBoltConnection.java b/driver/src/main/java/org/neo4j/driver/internal/adaptedbolt/DriverBoltConnection.java
index 172a3733f5..ea9cce92e8 100644
--- a/driver/src/main/java/org/neo4j/driver/internal/adaptedbolt/DriverBoltConnection.java
+++ b/driver/src/main/java/org/neo4j/driver/internal/adaptedbolt/DriverBoltConnection.java
@@ -22,7 +22,7 @@
 import java.util.concurrent.CompletionStage;
 import org.neo4j.driver.Value;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
-import org.neo4j.driver.internal.bolt.api.AuthData;
+import org.neo4j.driver.internal.bolt.api.AuthInfo;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionState;
 import org.neo4j.driver.internal.bolt.api.BoltProtocolVersion;
 import org.neo4j.driver.internal.bolt.api.BoltServerAddress;
@@ -89,7 +89,7 @@ CompletionStage<DriverBoltConnection> runInAutoCommitTransaction(
 
     BoltConnectionState state();
 
-    CompletionStage<AuthData> authData();
+    CompletionStage<AuthInfo> authData();
 
     // ----- IMMUTABLE DATA -----
 
diff --git a/driver/src/main/java/org/neo4j/driver/internal/async/BoltConnectionWithAuthTokenManager.java b/driver/src/main/java/org/neo4j/driver/internal/async/BoltConnectionWithAuthTokenManager.java
index 3880973a6c..6bfcf569c4 100644
--- a/driver/src/main/java/org/neo4j/driver/internal/async/BoltConnectionWithAuthTokenManager.java
+++ b/driver/src/main/java/org/neo4j/driver/internal/async/BoltConnectionWithAuthTokenManager.java
@@ -41,10 +41,11 @@ public CompletionStage<Void> flush(DriverResponseHandler handler) {
 
     private Throwable mapSecurityError(Throwable throwable) {
         if (throwable instanceof SecurityException securityException) {
-            var authData = delegate.authData().toCompletableFuture().getNow(null);
-            if (authData != null
+            var authInfo = delegate.authData().toCompletableFuture().getNow(null);
+            if (authInfo != null
                     && authTokenManager.handleSecurityException(
-                            new InternalAuthToken(BoltValueFactory.getInstance().toDriverMap(authData.authMap())),
+                            new InternalAuthToken(BoltValueFactory.getInstance()
+                                    .toDriverMap(authInfo.authToken().asMap())),
                             securityException)) {
                 throwable = new SecurityRetryableException(securityException);
             }
diff --git a/driver/src/main/java/org/neo4j/driver/internal/async/DelegatingBoltConnection.java b/driver/src/main/java/org/neo4j/driver/internal/async/DelegatingBoltConnection.java
index 8dac15edb6..1d596bf862 100644
--- a/driver/src/main/java/org/neo4j/driver/internal/async/DelegatingBoltConnection.java
+++ b/driver/src/main/java/org/neo4j/driver/internal/async/DelegatingBoltConnection.java
@@ -25,7 +25,7 @@
 import org.neo4j.driver.internal.adaptedbolt.DriverBoltConnection;
 import org.neo4j.driver.internal.adaptedbolt.DriverResponseHandler;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
-import org.neo4j.driver.internal.bolt.api.AuthData;
+import org.neo4j.driver.internal.bolt.api.AuthInfo;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionState;
 import org.neo4j.driver.internal.bolt.api.BoltProtocolVersion;
 import org.neo4j.driver.internal.bolt.api.BoltServerAddress;
@@ -171,7 +171,7 @@ public BoltConnectionState state() {
     }
 
     @Override
-    public CompletionStage<AuthData> authData() {
+    public CompletionStage<AuthInfo> authData() {
         return delegate.authData();
     }
 
diff --git a/driver/src/main/java/org/neo4j/driver/internal/boltlistener/ListeningBoltConnection.java b/driver/src/main/java/org/neo4j/driver/internal/boltlistener/ListeningBoltConnection.java
index cec9f5c218..6731c0d99c 100644
--- a/driver/src/main/java/org/neo4j/driver/internal/boltlistener/ListeningBoltConnection.java
+++ b/driver/src/main/java/org/neo4j/driver/internal/boltlistener/ListeningBoltConnection.java
@@ -22,7 +22,8 @@
 import java.util.Set;
 import java.util.concurrent.CompletionStage;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
-import org.neo4j.driver.internal.bolt.api.AuthData;
+import org.neo4j.driver.internal.bolt.api.AuthInfo;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
 import org.neo4j.driver.internal.bolt.api.BoltConnection;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionState;
 import org.neo4j.driver.internal.bolt.api.BoltProtocolVersion;
@@ -138,8 +139,8 @@ public CompletionStage<BoltConnection> logoff() {
     }
 
     @Override
-    public CompletionStage<BoltConnection> logon(Map<String, Value> authMap) {
-        return delegate.logon(authMap).thenApply(ignored -> this);
+    public CompletionStage<BoltConnection> logon(AuthToken authToken) {
+        return delegate.logon(authToken).thenApply(ignored -> this);
     }
 
     @Override
@@ -173,8 +174,8 @@ public BoltConnectionState state() {
     }
 
     @Override
-    public CompletionStage<AuthData> authData() {
-        return delegate.authData();
+    public CompletionStage<AuthInfo> authInfo() {
+        return delegate.authInfo();
     }
 
     @Override
diff --git a/driver/src/main/java/org/neo4j/driver/internal/boltlistener/ListeningBoltConnectionProvider.java b/driver/src/main/java/org/neo4j/driver/internal/boltlistener/ListeningBoltConnectionProvider.java
index 8cd6e438fc..cad70d7936 100644
--- a/driver/src/main/java/org/neo4j/driver/internal/boltlistener/ListeningBoltConnectionProvider.java
+++ b/driver/src/main/java/org/neo4j/driver/internal/boltlistener/ListeningBoltConnectionProvider.java
@@ -23,6 +23,7 @@
 import java.util.function.Consumer;
 import java.util.function.Supplier;
 import org.neo4j.driver.internal.bolt.api.AccessMode;
+import org.neo4j.driver.internal.bolt.api.AuthToken;
 import org.neo4j.driver.internal.bolt.api.BoltAgent;
 import org.neo4j.driver.internal.bolt.api.BoltConnection;
 import org.neo4j.driver.internal.bolt.api.BoltConnectionProvider;
@@ -33,7 +34,6 @@
 import org.neo4j.driver.internal.bolt.api.NotificationConfig;
 import org.neo4j.driver.internal.bolt.api.RoutingContext;
 import org.neo4j.driver.internal.bolt.api.SecurityPlan;
-import org.neo4j.driver.internal.bolt.api.values.Value;
 
 final class ListeningBoltConnectionProvider implements BoltConnectionProvider {
     private final BoltConnectionProvider delegate;
@@ -60,7 +60,7 @@ public CompletionStage<Void> init(
     public CompletionStage<BoltConnection> connect(
             SecurityPlan securityPlan,
             DatabaseName databaseName,
-            Supplier<CompletionStage<Map<String, Value>>> authMapStageSupplier,
+            Supplier<CompletionStage<AuthToken>> authTokenStageSupplier,
             AccessMode mode,
             Set<String> bookmarks,
             String impersonatedUser,
@@ -71,7 +71,7 @@ public CompletionStage<BoltConnection> connect(
         return delegate.connect(
                         securityPlan,
                         databaseName,
-                        authMapStageSupplier,
+                        authTokenStageSupplier,
                         mode,
                         bookmarks,
                         impersonatedUser,
@@ -87,18 +87,18 @@ public CompletionStage<BoltConnection> connect(
     }
 
     @Override
-    public CompletionStage<Void> verifyConnectivity(SecurityPlan securityPlan, Map<String, Value> authMap) {
-        return delegate.verifyConnectivity(securityPlan, authMap);
+    public CompletionStage<Void> verifyConnectivity(SecurityPlan securityPlan, AuthToken authToken) {
+        return delegate.verifyConnectivity(securityPlan, authToken);
     }
 
     @Override
-    public CompletionStage<Boolean> supportsMultiDb(SecurityPlan securityPlan, Map<String, Value> authMap) {
-        return delegate.supportsMultiDb(securityPlan, authMap);
+    public CompletionStage<Boolean> supportsMultiDb(SecurityPlan securityPlan, AuthToken authToken) {
+        return delegate.supportsMultiDb(securityPlan, authToken);
     }
 
     @Override
-    public CompletionStage<Boolean> supportsSessionAuth(SecurityPlan securityPlan, Map<String, Value> authMap) {
-        return delegate.supportsSessionAuth(securityPlan, authMap);
+    public CompletionStage<Boolean> supportsSessionAuth(SecurityPlan securityPlan, AuthToken authToken) {
+        return delegate.supportsSessionAuth(securityPlan, authToken);
     }
 
     @Override