TiddlyWeb currently includes support for simple username and password authentication against users stored in the store. Plugins provide other methods, including OpenID, for example tiddlywebplugins.openid2.
Challengers are by design triggered only when unauthorized content is accessed but can be explicitly triggered by going to the
/challenge URL on your installation.
See Auth Model for more information.