CredentialsModel

A full set of credentials may be provided to support fully embedded authentication (including scraped redirects).

Credentials are not required. The user will provide them to the service provider during a redirect.

Only a user identifier without a password may be provided. This is typically the case for decoupled authentication where the user e.g. authorizes access in a mobile application. Note that if password-less authentication fails (e.g. as no device for decoupled authentication is set up for the user and a redirect is not supported), an error is returned and the transaction has to be restarted with a full set of credentials.