Difference between Authenticate and IdentityService

#1

Hi

What is the use of Authenticate and IdentityService? How are they different?

In my code, I receive a json with username and password. First I create Credentials,

val credentials: Credentials = Credentials(signinInfo.signinInfo.email, signinInfo.signinInfo.password)

Then I call CredentialsProvider's authenticate method

val loginInfoFuture: Future[LoginInfo] = credentialsProvider.authenticate(credentials)

and then I call IdentityService's retrieve.

val userOptionFuture: Future[Option[User]] = silhouette.env.identityService.retrieve(loginInfo)

I am struggling to understand how the flow works internally in Silhouette. How is the username and password information in the message getting validated?

What CredentialsProvider seems to do is simply call def loginInfo(credentials: Credentials): Future[LoginInfo] = Future.successful(LoginInfo(id, credentials.identifier)). So do I really need to call authenticate? I could just create the LoginInfo myself in the code.

Could there be a scenario when authenticate might fail?

#2

I think I get it. The authenticate method of CredentialsProvider will first create LoginInfo using the user id in credentials and will then call the internal method authenticate of the PasswordProvider class, which CredentialsProvider extends. authenticate will call authInfoRepository.find. authInfoRepository is set by us when the CredentialsProvider was created; it maps to PasswordRepo. It will call PasswordRepository’s find method to look for PasswordInfo. Depending on whether the id and password exist or not, the Future from authenticate will either return the loginInfo or will throw an exception.
case Authenticated => loginInfo
case InvalidPassword(error) => throw new InvalidPasswordException(error)
case UnsupportedHasher(error) => throw new ConfigurationException(error)
case NotFound(error) => throw new IdentityNotFoundException(error)

Now once we have loginInfo, we can retrieve the complete information (e.g. the user profile) by calling IdentityService.retrieve. E.g. a UserService could extend IdentityService and override the retrieve method to return UserProfile using loginInfo.
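
The two-step flow discussed in this thread, as an added example that is not part of the original posts and is not Silhouette's own code. It assumes Silhouette's com.mohiva.play.silhouette package layout; SignInFlow, SignInResult, SignedIn and BadCredentials are hypothetical names introduced here.

```scala
import scala.concurrent.{ExecutionContext, Future}
import com.mohiva.play.silhouette.api.{Identity, LoginInfo}
import com.mohiva.play.silhouette.api.services.IdentityService
import com.mohiva.play.silhouette.api.util.Credentials
import com.mohiva.play.silhouette.impl.exceptions.{IdentityNotFoundException, InvalidPasswordException}
import com.mohiva.play.silhouette.impl.providers.CredentialsProvider

// Hypothetical result type for this example (not a Silhouette type).
sealed trait SignInResult[+U]
case class SignedIn[U](loginInfo: LoginInfo, user: U) extends SignInResult[U]
case object BadCredentials extends SignInResult[Nothing]

class SignInFlow[U <: Identity](
    credentialsProvider: CredentialsProvider,
    identityService: IdentityService[U]
)(implicit ec: ExecutionContext) {

  def signIn(email: String, password: String): Future[SignInResult[U]] =
    // Step 1: authenticate looks up the stored PasswordInfo for this identifier
    // and verifies the submitted password against it. Building LoginInfo by
    // hand would skip that check, so any password would be accepted.
    credentialsProvider
      .authenticate(Credentials(email, password))
      .flatMap { loginInfo =>
        // Step 2: reached only after the password was verified; load the identity.
        identityService.retrieve(loginInfo).map[SignInResult[U]] {
          case Some(user) => SignedIn(loginInfo, user)
          // Password entry exists but no matching user record.
          case None => BadCredentials
        }
      }
      .recover {
        // Unknown identifier and wrong password produce the same result, so
        // the caller's response does not reveal which accounts exist.
        case _: IdentityNotFoundException | _: InvalidPasswordException =>
          BadCredentials
        // ConfigurationException (unsupported hasher) is not handled here and
        // fails the Future: it is a server-side fault, not a bad login.
      }
}
```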