+ get_pass_by_user => sub {
+ my ($auth_obj, $user) = @_;
+ my $pass = $some_obj->get_pass({user => $user});
+ return $pass;
+ }
+
+Alternately, get_pass_by_user may return a hashref of data items that
+will be added to the data object if the token is valid. The hashref
+must also contain a key named real_pass or password that contains the
+password. Note that keys passed back in the hashref that are already
+in the data object will override those in the data object.
+
+ get_pass_by_user => sub {
+ my ($auth_obj, $user) = @_;
+ my ($pass, $user_id) = $some_obj->get_pass({user => $user});
+ return {
+ password => $pass,
+ user_id => $user_id,
+ };
+ }
+
+=item C<verify_password>
+
+Called by verify_token. Passed the password to check as well as the
+auth data object. Should return true if the password matches.
+Default method can handle md5, crypt, cram, secure_hash_cram, and
+plaintext (all of the default types supported by generate_token). If
+a property named verify_password exists, it will be used and called as
+a coderef rather than using the default method.
+
+=item C<verify_payload>
+
+Called by verify_token. Passed the password to check as well as the
+auth data object. Should return true if the payload is valid.
+Default method returns true without performing any checks on the
+payload. If a property named verify_password exists, it will be used
+and called as a coderef rather than using the default method.
+
+