Single-use callback provided to the authenticate call.
The authentication has neither passed nor failed.
Authentication passed - allow the authentication request with modifications to the session properties.
this can include all allowed user-defined session properties, as well as a subset of fixed session properties see authenticate.
Authentication passed - allow the authentication request with fixed properties as supplied but no user-defined properties.
Authentication failed - deny the authentication request.