diff --git a/index.js b/index.js
index ee08756..c27d273 100644
--- a/index.js
+++ b/index.js
@@ -2,7 +2,7 @@ const auth = require('basic-auth')
 const assert = require('assert')
 function ensureFunction(option, defaultValue) {
- if(option == undefined)
+ if(option === undefined)
 return function() { return defaultValue }
 if(typeof option != 'function')
@@ -14,20 +14,20 @@ function ensureFunction(option, defaultValue) {
 function buildMiddleware(options) {
 var challenge = options.challenge != undefined ? !!options.challenge : false
 var users = options.users || {}
- var authorizer = options.authorizer || staticUsersAuthorizer
- var isAsync = options.authorizeAsync != undefined ? !!options.authorizeAsync : false
+ var isAsync = options.hasOwnProperty(authorizeAsync) && !!options.authorizeAsync
 var getResponseBody = ensureFunction(options.unauthorizedResponse, '')
 var realm = ensureFunction(options.realm)
+ var authorizer
- assert(typeof users == 'object', 'Expected an object for the basic auth users, found ' + typeof users + ' instead')
- assert(typeof authorizer == 'function', 'Expected a function for the basic auth authorizer, found ' + typeof authorizer + ' instead')
-
- function staticUsersAuthorizer(username, password) {
- for(var i in users)
- if(username == i && password == users[i])
- return true
-
- return false
+ if(options.hasOwnProperty('users')) {
+ assert(typeof users == 'object', 'Expected an object for the basic auth users, found ' + typeof users + ' instead')
+ assert(!options.authorizer, 'An users object cannot be combined with a custom authorizer')
+ authorizer = function(username, password) {
+ return users.indexOf(username) !== -1 && password === users[username]
+ }
+ } else {
+ assert(typeof options.authorizer == 'function', 'Expected a function for the basic auth authorizer, found ' + typeof authorizer + ' instead')
+ authorizer = options.authorizer
 }
 return function authMiddleware(req, res, next) {
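Review bot: The static authorizer added in the `users` branch calls `users.indexOf(username)`, yet the assert two lines above requires `users` to be an object, and a plain object has no `indexOf`, so a credentialed request on this path would throw rather than be checked. The `isAsync` line has a related slip: `authorizeAsync` is passed to `hasOwnProperty` as a bare identifier that the hunk never declares, which would raise a ReferenceError when the middleware is built unless the name exists elsewhere in the file. In the `else` branch the assert message reads `typeof authorizer`, which is still unassigned at that point and will always print `undefined`. The fence below shows the three corrected lines; separately, the password is compared with `===`, and a constant-time comparison would avoid a timing side channel on the stored secret. buildMiddleware's body continues outside the hunk.

```javascript
var isAsync = options.hasOwnProperty('authorizeAsync') && !!options.authorizeAsync
// … unchanged: getResponseBody, realm, authorizer declaration …
if(options.hasOwnProperty('users')) {
    // … unchanged: users / authorizer asserts …
    authorizer = function(username, password) {
        // own-property lookup so inherited keys such as "constructor" never match
        return Object.prototype.hasOwnProperty.call(users, username) && password === users[username]
    }
} else {
    assert(typeof options.authorizer == 'function', 'Expected a function for the basic auth authorizer, found ' + typeof options.authorizer + ' instead')
    // … unchanged: authorizer = options.authorizer …
}
```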
@@ -41,12 +41,12 @@ function buildMiddleware(options) {
 password: authentication.pass
 }
+ var authorized = authorizer(authentication.name, authentication.pass, authorizerCallback)
+
 if(isAsync)
- return authorizer(authentication.name, authentication.pass, authorizerCallback)
- else if(!authorizer(authentication.name, authentication.pass))
- return unauthorized()
+ return authorized
- return next()
+ return (authorized === true) ? next() : unauthorized()
 function unauthorized() {
 if(challenge) {
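Review bot: The `authorized === true` test on the final return is a security-relevant tightening that the code does not explain, and it changes which custom authorizers pass. A synchronous authorizer that returns a truthy non-boolean (a user record, `1`) was accepted by the old `!authorizer(...)` test and is now answered as unauthorized, while an authorizer that returns a Promise without `authorizeAsync` set no longer counts as authenticated, which is the safer outcome. A comment above the return such as `// only a literal true authorizes; other truthy values and Promises are rejected` would record the intent, and the README should say that synchronous authorizers must return exactly `true`. The callback is now also passed as a third argument to synchronous authorizers, which is safe only as long as they ignore it. authMiddleware starts and ends outside the hunk.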