A credentials extractor is a system in TiddlyWeb, part of the Auth Model, that looks at an incoming web request and extracts, where possible, user information from the request and validates it. If the information is valid it is put into tiddlyweb.usersign for later use. If no information is found, the user is determined to be GUEST.
Multiple extractors are managed by UserExtract and configured by the extractors configuration item.
TiddlyWeb comes pre-packaged with two extractors:
- http_basic: Checks the request for HTTP Basic Authorization credentials and verifies them against the TiddlyWeb User datastore. Note: there is no challenger for HTTP Basic. It is assumed that if someone wants to use HTTP Basic they will just put the necessary information in the headers of their request.
- simple_cookie: Checks the request for a cookie named tiddlyweb_user with a hashed value. Both the openid and cookie_form challengers will set this cookie to the provided username if the challenger passes.
While there is no requirement that an extractor do so, both of the extractors mentioned above query the User datastore with the discovered username to look for roles. If any are found they are added to tiddlyweb.usersign.
Additional extractors can be added to the system by adding module names to the extractors list in tiddlywebconfig.py. The modules should contain a class called Extractor that implements the ExtractorInterface.
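
A simplified, self-contained model of the extraction flow described on this page, added here as an illustration; it is not TiddlyWeb's code and does not use its ExtractorInterface. It assumes extractors are tried in list order with the first valid result winning, and the cookie signing scheme (HMAC-SHA256 with a server secret), the PBKDF2 password check, and the USERS dictionary are stand-ins invented for the example.

```python
import base64, binascii, hashlib, hmac
from http.cookies import SimpleCookie

SECRET = b"constructed-server-secret"  # constructed sample value

def pw_hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

USERS = {"alice": {"pw": pw_hash("s3cret"), "roles": ["ADMIN"]}}  # stand-in User datastore

def sign(name):
    """Cookie value 'name:mac'. Assumed scheme, not TiddlyWeb's own format."""
    return name + ":" + hmac.new(SECRET, name.encode(), hashlib.sha256).hexdigest()

def usersign(name):  # adds any roles stored for the discovered username
    return {"name": name, "roles": USERS.get(name, {}).get("roles", [])}

def http_basic(environ):
    scheme, _, blob = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False  # malformed header counts as "no information found"
    name, sep, password = decoded.partition(":")
    user = USERS.get(name)
    if not sep or user is None:
        return False
    ok = hmac.compare_digest(user["pw"], pw_hash(password))
    return usersign(name) if ok else False

def simple_cookie(environ):
    cookie = SimpleCookie()
    cookie.load(environ.get("HTTP_COOKIE", ""))
    morsel = cookie.get("tiddlyweb_user")
    name = morsel.value.rpartition(":")[0] if morsel else ""
    # Recompute the MAC and compare in constant time; reject any mismatch.
    if not name or not hmac.compare_digest(sign(name).encode(), morsel.value.encode()):
        return False
    return usersign(name)

def extract_user(environ, extractors=(http_basic, simple_cookie)):
    """Try each extractor in order; no valid information means GUEST."""
    for extractor in extractors:
        found = extractor(environ)
        if found:
            return found
    return {"name": "GUEST", "roles": []}
```

A request with a tampered cookie or an undecodable Authorization header is treated the same as a request with no credentials: it falls through to GUEST rather than raising an error.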