Drupal 8 incorporates a modular authentication system where different authentication providers can authenticate a user from a given request. The core built-in authentication providers are the cookie provider, which returns an authenticated or anonymous user depending on the presence of a cookie, and the basic authentication provider, which checks if the user name and password are in the request headers and finds a user. Authentication providers have a priority and are called in order by the authentication manager to authenticate the user for a request. Modules can also define custom authentication providers for routes, REST resources, and views.