--- /dev/null
+package Catalyst::Authentication::User;
+
+use strict;
+use warnings;
+use base qw/Class::Accessor::Fast/;
+
+## auth_realm is the realm this user came from.
+BEGIN {
+ __PACKAGE__->mk_accessors(qw/auth_realm store/);
+}
+
+## THIS IS NOT A COMPLETE CLASS! it is intended to provide base functionality only.
+## translation - it won't work if you try to use it directly.
+
+## chances are you want to override this.
+sub id { shift->get('id'); }
+
+## this relies on 'supported_features' being implemented by the subclass..
+## but it is not an error if it is not. it just means you support nothing.
+## nihilist user objects are welcome here.
+sub supports {
+ my ( $self, @spec ) = @_;
+
+ my $cursor = undef;
+ if ($self->can('supported_features')) {
+ $cursor = $self->supported_features;
+
+ # traverse the feature list,
+ for (@spec) {
+ #die "bad feature spec: @spec" if ref($cursor) ne "HASH";
+ return if ref($cursor) ne "HASH";
+
+ $cursor = $cursor->{$_};
+ }
+ }
+
+ return $cursor;
+}
+
+## REQUIRED.
+## get should return the value of the field specified as it's single argument from the underlying
+## user object. This is here to provide a simple, standard way of accessing individual elements of a user
+## object - ensuring no overlap between C::P::A::User methods and actual fieldnames.
+## this is not the most effecient method, since it uses introspection. If you have an underlying object
+## you most likely want to write this yourself.
+sub get {
+ my ($self, $field) = @_;
+
+ my $object;
+ if ($object = $self->get_object and $object->can($field)) {
+ return $object->$field();
+ } else {
+ return undef;
+ }
+}
+
+## REQUIRED.
+## get_object should return the underlying user object. This is for when more advanced uses of the
+## user is required. Modifications to the existing user, etc. Changes in the object returned
+## by this routine may not be reflected in the C::P::A::User object - if this is required, re-authenticating
+## the user is probably the best route to take.
+## note that it is perfectly acceptable to return $self in cases where there is no underlying object.
+sub get_object {
+ return shift;
+}
+
+## Backwards Compatibility
+## you probably want auth_realm, in fact. but this does work for backwards compatibility.
+## store should be a read-write accessor - so it was moved to mk_accessors
+##sub store {
+## my ($self) = @_;
+## return $self->auth_realm->{store};
+##}
+
+__PACKAGE__;
+
+__END__
+
+=pod
+
+=head1 NAME
+
+Catalyst::Authentication::User - Base class for user objects.
+
+=head1 SYNOPSIS
+
+ package MyStore::User;
+ use base qw/Catalyst::Authentication::User/;
+
+=head1 DESCRIPTION
+
+This is the base class for authenticated
+
+=head1 METHODS
+
+=head2 id( )
+
+A unique ID by which a user can be retrieved from the store.
+
+=head2 store( )
+
+Should return a class name that can be used to refetch the user using it's
+ID.
+
+=head2 supports( )
+
+An introspection method used to determine what features a user object has, to support credential and authorization plugins.
+
+=head2 get( )
+
+=head2 get_object( )
+
+=cut
+