It would be great if UsernamePasswordAuthProvider could be restructured to separate the view from the business logic. For example, it currently has private methods dealing with Forms and it redirects the client browser to appropriate urls, which tightly couples the implementations, and makes it impossible to use an alternative front-end (client-side templates, REST API, etc.). Ideally, the parent provider would contain only the authentication logic, and subclasses would implement the specifics of user interactions and/or returning results to the client.
It would be great if UsernamePasswordAuthProvider could be restructured to separate the view from the business logic. For example, it currently has private methods dealing with Forms and it redirects the client browser to appropriate urls, which tightly couples the implementations, and makes it impossible to use an alternative front-end (client-side templates, REST API, etc.). Ideally, the parent provider would contain only the authentication logic, and subclasses would implement the specifics of user interactions and/or returning results to the client.