Support customizable Authentication schemes

[dimas-b]

Is your feature request related to a problem? Please describe.

PolarisPrincipalAuthenticatorFilter requires all auth tokens to be Bearer.

Describe the solution you'd like

It would be nice to allow other (possibly pluggable) Authentication schemes.

Also, it would be nice to allow running without the Authorization header (e.g. for testing purposes).

Describe alternatives you've considered

No response

Additional context

No response

[adutra]

Should we modify the Authenticator.authenticate() method and pass the entire request to the authenticator, so that it can take any action it needs to take? (Similar to what we do to resolve the realm)

[dimas-b]

That was my immediate thought and I almost opened a simple PR for that, but then I realized that in principle one can leverage the Quarkus Authentication Mechanism framework, in which case application-level filters are not necessary as all... so I filed this issue for discussion / collaboration.

[flyrain]

Thanks for filing this! I think this could be useful, but let’s take a step back and look at the use cases first. What other authentication schemes do users and developers care about? Any challenges we might face? cc @dennishuo @collado-mike @eric-maynard