This article will talk about the various design elements involved in an authentication API.
Goals to consider:
- A non-protocol-based mechanism, where the principal passes tokens (credential, certificate, OTP, etc.) directly to the authentication framework.
- Protocol-based mechanisms such as HTTPDigest, HTTPForm, HTTPBasic, etc., which can retrieve the user's token in a predefined manner.
- An identity store that holds the principal's information (credential, serial number, certificate, etc.).
- Minimize indirection so that the API is flexible and extensible, yet easy to understand.