Well for example, I've built up a little thing (very much not a library, I probably should put it in one sometime though...), I have an
account schema, GUID keys, this is the base of all the users information.
From that I have an
account_google as one example, it holds the information like tokens and so forth from a google OAuth request, its primary key is a foreign key to the account primary key, always a one-to-one match and the google one cannot exist without the account one. I have a variety of other ones like this for github, steam, facebook, as well as an
account_local schema. The local one exists in only one of my systems so far (I do not even have any form of a local login for the other dozen little servers I have, oauth only for them) but it contains a login id, hashed password, and a bit of other data.
Needless to say, coherence is very much not usable for the majority of authentication purposes I've ever experienced.
Now in my thing I've built up, say, a password reset thing, simple plug in the ueberauth style, it just redirects to the proper place for a given login type (say google) or handles a local one (I confirm they are who they are based on some internal information to this company so I've not needed email yet, but that style would not be hard either).
I can go in to a lot more information at some other time, but I'm fairly busy at the moment, in a crunch period. ^.^
Lots and lots of examples, but the biggest one for me is the *very* specific view style it uses, basically logins via websocket, other sources, or even customizing and breaking up views in unique ways (I have a lot of little subviews all over that does not fit that style well), I have more about this in a lot more detail, but I am not in the mindset right now (my mind is in oh-god-too-much-sql mode right now, I'm making SQL queries that are many many pages in length, blehg...)
It should not necessarily have a way to do authorization, but it needs a way to let you populate your own authorizations, for example in my system I use a set of allow/deny permissions with arguments (stored as json in the database currently, eh), but in addition to those populated I get information from google and LDAP and other places to give them or deny them more permissions, so I have to get that information from the authentication layer as it can change on the fly from those systems.
Coherence could become something really really useful over time, but so far it does not meet even my minimal requirements, ignoring the advanced features that I need that I'm not even sure how to shoehorn into its current design. ^.^;