Poco::RemotingNG

class Authenticator

File Information

Library: RemotingNG
Package: Transport
Header: Poco/RemotingNG/Authenticator.h

Description

The Authenticator interface is used for authenticating credentials.

Authenticators are specific to a transport and external authentication mechanism and must be implemented specifically for an application.

The design of the Authenticator class allows for multi-request authentication schemes.

For multi-step authentication mechanisms, the Authenticator must be able to handle multiple authentication conversations simultaneously.

Inheritance

Direct Base Classes: Poco::RefCountedObject

All Base Classes: Poco::RefCountedObject

Known Derived Classes: Poco::RemotingNG::TCP::SCRAMAuthenticator

Member Summary

Member Functions: authenticate

Inherited Functions: duplicate, referenceCount, release

Type Aliases

Ptr

using Ptr = Poco::AutoPtr<Authenticator>;

Constructors

Authenticator

Authenticator();

Creates the Authenticator.

Destructor

~Authenticator virtual

virtual ~Authenticator();

Destroys the Authenticator.

Member Functions

authenticate virtual

virtual AuthenticateResult authenticate(
    const Credentials & credentials,
    Poco::UInt32 conversationID = 0
) = 0;

Verifies that the given credentials are valid.

Returns an AuthenticateResult encapsulating the state of the authentication exchange.

Depending on the specific authentication mechanism, multiple calls to authenticate() may be necessary. In the first call, conversationID should be 0. In subsequent calls, conversationID must contain the conversationID returned in AuthenticateResult by the previous call.

Authenticators supporting multi-step conversations must be able to handle multiple simultaneous conversations. For that purpose, the conversationID is used to associate calls to authenticate() with existing conversations.

As long as the state is AUTH_CONTINUE, the Credentials in the AuthenticateResult will be returned to the client. If the state is AUTH_DONE, the credentials (if set) will be passed on to the Context and will be available to the Authorizer. However, the exact semantics are up to the specific Transport implementation.
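The conversationID handling described above, sketched as an added example that is not part of the Poco documentation or source: a two-step challenge/response authenticator that tracks simultaneous conversations, consumes each ID after one follow-up call, and takes the authenticated identity from stored conversation state. Credentials, AuthenticateResult and State are simplified stand-ins for the RemotingNG types; ChallengeAuthenticator, AUTH_FAILED, the attribute names and the string-concatenation proof are assumptions for illustration.

```cpp
#include <cstdint>
#include <map>
#include <mutex>
#include <random>
#include <string>

// Simplified stand-ins for the RemotingNG types (assumptions, not the Poco declarations).
enum State { AUTH_DONE, AUTH_CONTINUE, AUTH_FAILED };
using Credentials = std::map<std::string, std::string>;
struct AuthenticateResult { State state; Credentials credentials; std::uint32_t conversationID; };

class ChallengeAuthenticator {
public:
    explicit ChallengeAuthenticator(const std::map<std::string, std::string>& secrets): _secrets(secrets) {}

    // Placeholder proof so the example runs offline; a real mechanism (e.g. SCRAM) belongs here.
    static std::string proof(const std::string& c, const std::string& s) { return c + ":" + s; }

    AuthenticateResult authenticate(const Credentials& creds, std::uint32_t conversationID = 0) {
        std::lock_guard<std::mutex> lock(_mutex);  // calls may arrive on several threads
        if (conversationID == 0) return begin(creds);
        auto it = _pending.find(conversationID);
        if (it == _pending.end()) return {AUTH_FAILED, {}, 0};  // unknown or already used ID
        const Pending p = it->second;
        _pending.erase(it);  // each ID is good for exactly one follow-up call
        auto r = creds.find("response");
        if (r == creds.end() || r->second != proof(p.challenge, _secrets.at(p.user)))
            return {AUTH_FAILED, {}, 0};
        return {AUTH_DONE, {{"username", p.user}}, conversationID};  // identity from stored state
    }

private:
    struct Pending { std::string user, challenge; };
    static constexpr std::size_t MAX_PENDING = 1024;  // bound memory held by unfinished exchanges
    AuthenticateResult begin(const Credentials& creds) {
        auto u = creds.find("username");
        if (u == creds.end() || !_secrets.count(u->second) || _pending.size() >= MAX_PENDING)
            return {AUTH_FAILED, {}, 0};
        std::uint32_t id;
        do { id = _rd(); } while (id == 0 || _pending.count(id));  // 0 is reserved for "first call"
        Pending p{u->second, std::to_string(_rd()) + std::to_string(_rd())};
        _pending[id] = p;
        return {AUTH_CONTINUE, {{"challenge", p.challenge}}, id};
    }
    std::map<std::string, std::string> _secrets;
    std::map<std::uint32_t, Pending> _pending;
    std::random_device _rd;
    std::mutex _mutex;
};
```

A production implementation would also expire conversations that are never completed, so that abandoned exchanges do not hold slots until the limit is reached.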