IdentityStore is where we can store user details such as user ID, secrets, and other information associated with that particular identity. The IdentityStore API in Java EE 8 is an interface that is used to interact with the identity stores in order to validate the user credentials against the identity store. The API takes in the credentials, validates the data in the identity store, and returns the validation result. The idea of this abstraction is to ease the use of identity stores for user authentication and authorization mechanisms. The IdentityStore mechanism operates as follows:

The user's credentials can consist of a userID and Password, or an OAuth token, depending on the data store implementation in the application. The IdentityStore API validates this information by locating this data in the data store, and returns a status to indicate whether or not the authentication is successful. The API can be implemented to return other membership details, such as the group or role association of the identity.

There are multiple IdentityStore implementations available, including embedded identity store implementations, and database and LDAP implementations. These built-in  IdentityStore implementations can easily be configured through annotations, and can also be made available for use in the application for authenticating identities.