A credentials extractor is a system in TiddlyWeb, part of the Auth Model, that looks at an incoming web request and //extracts//, where possible, user information from the request and validates it. If the information is valid, it is put into tiddlyweb.usersign for later use. If no information is found, the user is set as {{{GUEST}}}.
Multiple extractors are managed by UserExtract and configured by the {{{extractors}}} configuration item.
TiddlyWeb comes pre-packaged with two extractors:
- ''http_basic'': Checks the request for HTTP Basic Authorization credentials and verifies them against the TiddlyWeb User datastore. //Note//: there is no challenger for HTTP Basic. It is assumed that if someone wants to use HTTP Basic they will just put the necessary information in the headers of their request.
- ''simple_cookie'': Checks the request for a cookie named {{{tiddlyweb_user}}} with a hashed value. The {{{cookie_form}}} challenger will set this cookie to the provided username if the challenger passes.
While there is no requirement that an extractor do so, both of the above query the User datastore with the discovered username to look for roles. If any are found, they are added to tiddlyweb.usersign.
Additional extractors can be added to the system by adding module names to the {{{extractors}}} list in tiddlywebconfig.py. The modules should contain a class called {{{Extractor}}} that implements the ExtractorInterface.
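The following is an added example, not TiddlyWeb's own code: a self-contained {{{Extractor}}} class that accepts a {{{tiddlyweb_user}}} cookie only when its keyed hash verifies, plus a stand-in for the extractor chain that falls back to {{{GUEST}}}. Assumptions not taken from this page: the {{{extract(environ, start_response)}}} signature and the name/roles dictionary, the use of HMAC-SHA256 (swapped in here, not necessarily what simple_cookie uses), and the hypothetical names {{{SECRET}}}, {{{USERS}}}, {{{sign}}} and {{{user_extract}}}.

```python
import hashlib
import hmac
from http.cookies import CookieError, SimpleCookie

SECRET = b"constructed-demo-secret"  # assumption: a per-instance server secret
USERS = {"alice": ["ADMIN"]}         # constructed stand-in for the User datastore


def sign(username):
    """Return the cookie value 'username:hexdigest' for a validated user."""
    mac = hmac.new(SECRET, username.encode("utf-8"), hashlib.sha256)
    return "%s:%s" % (username, mac.hexdigest())


class Extractor(object):
    """Hypothetical extractor: trusts the cookie only if its MAC verifies."""

    cookie_name = "tiddlyweb_user"

    def extract(self, environ, start_response):
        jar = SimpleCookie()
        try:
            jar.load(environ.get("HTTP_COOKIE", ""))
            username, digest = jar[self.cookie_name].value.rsplit(":", 1)
        except (KeyError, ValueError, CookieError):
            return False  # cookie absent or malformed: nothing to extract
        expected = sign(username).rsplit(":", 1)[1]
        # Constant-time comparison: do not leak how many characters matched.
        if not hmac.compare_digest(digest.encode("utf-8"), expected.encode("utf-8")):
            return False
        # Look up roles for the discovered username, as both stock extractors do.
        return {"name": username, "roles": list(USERS.get(username, []))}


def user_extract(environ, extractors):
    """Try each extractor in order; the first hit wins, otherwise GUEST."""
    for extractor in extractors:
        found = extractor.extract(environ, None)
        if found:
            environ["tiddlyweb.usersign"] = found
            return found
    guest = {"name": "GUEST", "roles": []}
    environ["tiddlyweb.usersign"] = guest
    return guest
```

A cookie whose username was edited without recomputing the digest fails verification and the request is treated as {{{GUEST}}}, so the username in the cookie is never trusted on its own.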