Clients that are communicating with the server over HTTP can authenticate in one of two ways:
- HTTP basic authentication
- The client provides a simple username and password. An identity mapper is used to identify the entry, and the password is used to prove that identity.
- An OAuth bearer token
- The client provides the server with an OAuth 2.0 bearer token and the server uses an access token validator to verify that the token is authentic and map it to a user’s entry.
The set of authentication methods used depends on the endpoint with which the client is communicating.