Flow control

Flow controllers do not directly verify whether credentials are valid. Instead, they act like a traffic director, guiding the authentication process when several authenticators or steps are involved. Just as a traffic director points cars in the right direction but doesn’t check their licenses, flow controllers coordinate the process, while the actual validation of passwords, tokens, or other credentials is handled by the authenticators designed for that purpose.