[Improvement] Set default Identifiers based on the default configuration

[umer936]

Extended from #733 , expanded into it's own issue as the previous is addressed.

Identifiers are now to be set per Authenticator.
But some Authenticators ask for an Identifier when they may not need one. For example, Form shouldn't need one if it's [username, password] as those are the default fields https://github.com/cakephp/authentication/blob/3.x/src/Authenticator/FormAuthenticator.php#L44 , so IMO the default Identifier should be Authentication.Password.

This feels like it should be enough

    public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface
    {
        $service = new AuthenticationService([
            'unauthenticatedRedirect' => [
                'prefix' => false,
                'plugin' => null,
                'controller' => 'Users',
                'action' => 'login',
            ],
            'queryParam' => 'redirect',
        ]);

        // Load the authenticators. Session should be first.
        $service->loadAuthenticator('Authentication.Session');
        $service->loadAuthenticator('Authentication.Form');

        return $service;
    }

Rather than needing to do this:

    public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface
    {
        $service = new AuthenticationService([
            'unauthenticatedRedirect' => [
                'prefix' => false,
                'plugin' => null,
                'controller' => 'Users',
                'action' => 'login',
            ],
            'queryParam' => 'redirect',
        ]);

        // Load the authenticators. Session should be first.
        $service->loadAuthenticator('Authentication.Session');
        $service->loadAuthenticator('Authentication.Form', [
            'identifier' => 'Authentication.Password',
        ]);

        return $service;
    }

[dereuromark]

#734

[umer936]

This is an extension to the other one. The other one was a bugfix, this is a potential improvement for good defaults for the different Authenticators.

[markstory]

I think having the FormAuthenticator use the password identifier by default is a great idea 👍. We could likely do the same with other authenticators like Basic, Digest, Token and Jwt.

[rochamarcelo]

Is identifier still needed after recent changes?

[dereuromark]

The defaulting hasnt been added yet, but it would still be needed if you wanted to customize it somehow.

[rochamarcelo]

If authenticators will not use identifier collection I would expect an Identifier to throw exception if credential is missing instead of returning null (ex: https://github.com/cakephp/authentication/blob/3.x/src/Identifier/TokenIdentifier.php#L50)
This help to detect use of incompatible identifier (ex: Using Token for a FormAuthenticator)

Authenticators only call identifier when request has credentials.

[dereuromark]

The exceptions need to be a feature flag or new major, I dont think it is very BC to just add right now.