...
Then the postauth callbacks are called with a Authentication postauth object
After this it checks if authentication was sucessfully.
If unsuccesfull then it increases the attempt count, and creates a Authentication postauthfail object and runs the postauthfail callback
If successfull then it creates a Authentication postauthsuccess object and runs the postauthsuccess callback and then runs stores any appropriate data in the session before ending the function
...