In general, for security reasons, it is preferable to use the
auth-domain-specific auth callbacks (eg,
callbackAuthDomainBasicAuthCallback and
callbackAuthDomainDigestAuthCallback), because they don't require
keeping a cleartext password database. Most users will use the same
password for many different sites, meaning if any site with a
cleartext password database is compromised, accounts on other
servers might be compromised as well. For many of the cases where
classServer is used, this is not really relevant, but it may still
be worth considering.
The prototype for a #SoupAuthDomain generic authentication callback.
The callback should look up the user's password, call soup.auth_domain.AuthDomain.checkPassword, and use the return value from that method as its own return value.
In general, for security reasons, it is preferable to use the auth-domain-specific auth callbacks (eg, callbackAuthDomainBasicAuthCallback and callbackAuthDomainDigestAuthCallback), because they don't require keeping a cleartext password database. Most users will use the same password for many different sites, meaning if any site with a cleartext password database is compromised, accounts on other servers might be compromised as well. For many of the cases where classServer is used, this is not really relevant, but it may still be worth considering.