diff --git a/authd/provider.c b/authd/provider.c
index 8288f295f..dd63d6a85 100644
--- a/authd/provider.c
+++ b/authd/provider.c
@@ -374,3 +374,18 @@ provider_timeout_event(void *notused __unused)
 		}
 	}
 }
+
+void *
+get_provider_data(struct auth_client *auth, uint32_t id)
+{
+	lrb_assert(id < rb_dlink_list_length(&auth_providers));
+	return auth->data[(size_t)id];
+}
+
+void
+set_provider_data(struct auth_client *auth, uint32_t id, void *data)
+{
+	lrb_assert(id < rb_dlink_list_length(&auth_providers));
+	auth->data[(size_t)id] = data;
+}
+
diff --git a/authd/provider.h b/authd/provider.h
index ca06c01ce..fdf1211e2 100644
--- a/authd/provider.h
+++ b/authd/provider.h
@@ -93,14 +93,14 @@ struct auth_provider
 	struct auth_opts_handler *opt_handlers;
 };
 
-extern rb_dlink_list auth_providers;
-extern rb_dictionary *auth_clients;
-
 extern struct auth_provider rdns_provider;
 extern struct auth_provider ident_provider;
 extern struct auth_provider blacklist_provider;
 extern struct auth_provider opm_provider;
 
+extern rb_dlink_list auth_providers;
+extern rb_dictionary *auth_clients;
+
 void load_provider(struct auth_provider *provider);
 void unload_provider(struct auth_provider *provider);
 
@@ -115,6 +115,9 @@ void reject_client(struct auth_client *auth, provider_t id, const char *data, co
 void handle_new_connection(int parc, char *parv[]);
 void handle_cancel_connection(int parc, char *parv[]);
 
+void *get_provider_data(struct auth_client *auth, uint32_t id);
+void set_provider_data(struct auth_client *auth, uint32_t id, void *data);
+
 /* Provider is operating on this auth_client (set this if you have async work to do) */
 static inline void
 set_provider_on(struct auth_client *auth, provider_t provider)