There are different ways of authenticating the user and which one you should choose depends on the scenario that the Access Provider will be used in.
If your application resides client-side and expect end-user interaction, the authentication should be done through OpenID Connect. That means that the first call through Access Provider will open a web page showing a login page from the Identity Provider and the user is expected to enter the credentials there. For more information about OpenID and the authentication mechanisms, see here.
When using OpenID, the credentials are not known to the client, so never use any methods that explicitly set username or password.
If the application is on server side and doesn't involve user interaction, it can be run in Compatibility Mode. Compatibility Mode uses Basic Authentication instead of OpenID and the username and password are used. If your application sets any credentials on the FndConnection, Compatibility Mode is automatically assumed. There are two ways to set credentials on FndConnection:
FndConnection conn = new FndConnection("<host>:<port>",
"<identity>", "<password>");
conn.SetCredentials("<identity>", "<password>");
If the application using Access Provider resides on the server side, but somehow communicates with interactive users running some client, OpenID must be used, but not from Access Provider. In this scenario the client must obtain the access token from the Identity Provider by itself and pass it on to the Access Provider.