SessionAuthenticator identify option does not work.

[robertpustulka]

I set up authentication as below:

    public function authentication(AuthenticationServiceInterface $authentication)
    {
        $authentication->loadIdentifier('Authentication.Password');

        $authentication->loadAuthenticator('Authentication.Session', [
            'identify' => true
        ]);
        $authentication->loadAuthenticator('Authentication.Form');

        return $authentication;
    }

Identity verification won't work. SessionAuthenticator assumes that the data persisted in session provides a plain text password: https://github.com/cakephp/authentication/blob/master/src/Authenticator/SessionAuthenticator.php#L60-L63

We need an alternative approach to reidentify the identity since we can't expect that stored identity data will provide plain text password for identifiers.

This will be needed for the CookieAuthenticator as well.

[robertpustulka]

I was wondering if we could have a simple IdIdentifier for identity reverification?

This way persistence authenticators could check if an identity with given id still exist in a database (isn't banned or something).

[robertpustulka]

Resolved as a part of #153