extractors is a configuration setting which defines which credentials extractors are available to the system. The default setting is:

'extractors': [
    'http_basic',
    'simple_cookie'],

This means that, by default, every request is inspected for valid (in order):

• HTTP Basic Authentication credentials that map to an existing User and their password.
• A tiddlyweb_user Cookie that is authentic.

Changing this list changes how user information is extracted from requests.