Dancer2::Plugin::Auth::Extensible::Role::Provider - base role for authentication providers


Base Moo::Role for authentication providers.

Also provides secure password matching which automatically handles crypted passwords via Crypt::SaltedHash.



The calling Dancer2::Plugin::Auth::Extensible object.



Defaults to the value of "disable_roles" in Dancer2::Plugin::Auth::Extensible.


The encryption_algorithm used by "encrypt_password".

Defaults to 'SHA-512';


match_password $given, $correct

Matches $given password with the $correct one.

encrypt_password $password

Encrypts password $password with "encryption_algorithm" and returns the encrypted password.


The following methods must be implemented by the consuming provider class.

required methods

  • authenticate_user $username, $password

    If either of $username or $password are undefined then die.

    Return true on success.

optional methods

The following methods are optional and extend the functionality of the provider.

  • get_user_details $username

    Die if $username is undefined. Otherwise return a user object (if appropriate) or a hash reference of user details.

  • get_user_roles $username

    Die if $username is undefined. Otherwise return an array reference of user roles.

  • create_user %user

    Create user with fields specified in %user.

    Method should croak if username key is empty or undefined. If a user with the specified username already exists then we would normally expect the method to die though this is of course dependent on the backend in use.

    The new user should be returned.

  • get_user_by_code $code

    Try to find a user which has pw_reset_code field set to $code.

    Returns the user on success.

  • set_user_details $username, %update

    Update user with $username according to %update.

    Passing an empty or undefined $username should cause the method to die.

    The update user should be returned.

  • set_user_password $username, $password

    Set the password for the user specified by $username to <$password> encrypted using "encrypt_password" or via whatever other method is appropriate for the backend.

  • password_expired $user

    The $user should be as returned from "get_user_details". The method checks whether the user's password has expired and returns 1 if it has and 0 if it has not.