Currently the test-framework is enforcing a secret to be present within the supplied credential (via environment variable DEFAULT_SECRET).
This is not an ideal example on how framework developers should approach authentication.
The presence check for the password has to be done within the authenticatee (-module) implementation itself, if needed.
secret is typed optional bytes within the Credential proto message and should be handled accordingly by the framework to allow for password free (e.g. credential cache based) authentication.