I would like to integrate a WordPress site with an external authentication (single sign-on) service. This service uses a custom protocol so I don't expect to be able to use a standard plugin; rather, I'm looking to write my own plugin.
I have read the documentation on the 'authenticate' filter, but it's not clear to me at what point the filter gets invoked. The fact that it gets passed username and password parameters suggest it is invoked after the WordPress login page gets submitted. I'm hoping this isn't the case however, because the flow I'm looking to implement should not involve displaying the WordPress login page. (Think something like OAuth.)
Can anyone provide illumination?