the user has a resource and will always send a static auth proof to some location.
IF NEEDED:
If possible, prior to starting, determine if auth is needed (e.g. expired token, no token, etc). If there is no way to tell at this stage, assume it is needed.
Send a request to somewhere asking for a token.
Apply transformations to retrieved values as needed.
static creds (e.g. HTTP Basic Auth). creds and their target location are supplied. HTTP Basic can be automatically selected as an AuthType.
dynamic creds - something is retrieved that proves authentication ("AuthProof"). This CAN be stored, if it is not one-time. The parameters for AuthTypes that specify this are where it comes from (flow exectuion) and where to capture the thing from, and how to tell expiration, and how to transform it, and where to put it.
Authentication
ALWAYS SEND:
IF NEEDED: