diff --git a/core/lib/Drupal/Core/Authentication/AuthenticationManager.php b/core/lib/Drupal/Core/Authentication/AuthenticationManager.php
index ba9fee5..8ea0ff4 100644
--- a/core/lib/Drupal/Core/Authentication/AuthenticationManager.php
+++ b/core/lib/Drupal/Core/Authentication/AuthenticationManager.php
@@ -23,7 +23,7 @@
  * be responsible. If no provider set an active user then the user is set to
  * anonymous.
  */
-class AuthenticationManager implements AuthenticationProviderInterface {
+class AuthenticationManager implements AuthenticationProviderInterface, AuthenticationManagerInterface {
 
   /**
    * Array of all registered authentication providers, keyed by ID.
diff --git a/core/lib/Drupal/Core/Authentication/AuthenticationManagerInterface.php b/core/lib/Drupal/Core/Authentication/AuthenticationManagerInterface.php
new file mode 100644
index 0000000..b547edd
--- /dev/null
+++ b/core/lib/Drupal/Core/Authentication/AuthenticationManagerInterface.php
@@ -0,0 +1,22 @@
+<?php
+
+/**
+ * @file
+ * Contains Drupal\Core\Authentication\AuthenticationManagerInterface.
+ */
+
+namespace Drupal\Core\Authentication;
+
+/**
+ * Defines an interface for authentication managers.
+ */
+interface AuthenticationManagerInterface {
+
+  /**
+   * Returns the service id of the default authentication provider.
+   *
+   * @return string
+   *   The service id of the default authentication provider.
+   */
+  public function defaultProviderId();
+}
diff --git a/core/lib/Drupal/Core/EventSubscriber/AuthenticationSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/AuthenticationSubscriber.php
index f9cf972..5bdf61c 100644
--- a/core/lib/Drupal/Core/EventSubscriber/AuthenticationSubscriber.php
+++ b/core/lib/Drupal/Core/EventSubscriber/AuthenticationSubscriber.php
@@ -23,11 +23,11 @@
 class AuthenticationSubscriber implements EventSubscriberInterface {
 
   /**
-   * Authentication manager.
+   * Authentication provider.
    *
    * @var AuthenticationProviderInterface
    */
-  protected $authenticationManager;
+  protected $authenticationProvider;
 
   /**
    * Keep authentication manager as private variable.
@@ -35,8 +35,8 @@ class AuthenticationSubscriber implements EventSubscriberInterface {
    * @param AuthenticationProviderInterface $authentication_manager
    *   The authentication manager.
    */
-  public function __construct(AuthenticationProviderInterface $authentication_manager) {
-    $this->authenticationManager = $authentication_manager;
+  public function __construct(AuthenticationProviderInterface $authentication_provider) {
+    $this->authenticationProvider = $authentication_provider;
   }
 
   /**
@@ -47,7 +47,7 @@ public function __construct(AuthenticationProviderInterface $authentication_mana
   public function onKernelRequestAuthenticate(GetResponseEvent $event) {
     if ($event->getRequestType() == HttpKernelInterface::MASTER_REQUEST) {
       $request = $event->getRequest();
-      $this->authenticationManager->authenticate($request);
+      $this->authenticationProvider->authenticate($request);
     }
   }
 
@@ -59,8 +59,7 @@ public function onKernelRequestAuthenticate(GetResponseEvent $event) {
   public function onRespond(FilterResponseEvent $event) {
     if ($event->getRequestType() == HttpKernelInterface::MASTER_REQUEST) {
       $request = $event->getRequest();
-
-      $this->authenticationManager->cleanup($request);
+      $this->authenticationProvider->cleanup($request);
     }
   }
 
@@ -71,7 +70,7 @@ public function onRespond(FilterResponseEvent $event) {
    */
   public function onException(GetResponseForExceptionEvent $event) {
     if ($event->getRequestType() == HttpKernelInterface::MASTER_REQUEST) {
-      $this->authenticationManager->handleException($event);
+      $this->authenticationProvider->handleException($event);
     }
   }
 
diff --git a/core/lib/Drupal/Core/Routing/Enhancer/AuthenticationEnhancer.php b/core/lib/Drupal/Core/Routing/Enhancer/AuthenticationEnhancer.php
index ea2fa13..16b1482 100644
--- a/core/lib/Drupal/Core/Routing/Enhancer/AuthenticationEnhancer.php
+++ b/core/lib/Drupal/Core/Routing/Enhancer/AuthenticationEnhancer.php
@@ -7,7 +7,7 @@
 
 namespace Drupal\Core\Routing\Enhancer;
 
-use Drupal\Core\Authentication\AuthenticationManager;
+use Drupal\Core\Authentication\AuthenticationManagerInterface;
 use Symfony\Cmf\Component\Routing\Enhancer\RouteEnhancerInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Cmf\Component\Routing\RouteObjectInterface;
@@ -17,7 +17,7 @@
  *
  * The authentication system happens before routing, so all authentication
  * providers will attempt to authorize a user. However, not all routes allow
- * all authentication mechanisms.  Instead, we check if the used provider is
+ * all authentication mechanisms. Instead, we check if the used provider is
  * valid for the matched route and if not, force the user to anonymous.
  */
 class AuthenticationEnhancer implements RouteEnhancerInterface {
@@ -27,10 +27,16 @@ class AuthenticationEnhancer implements RouteEnhancerInterface {
    *
    * @var \Drupal\Core\Authentication\AuthenticationManager
    */
-  protected $manger;
+  protected $manager;
 
-  function __construct(AuthenticationManager $manager) {
-    $this->manger = $manager;
+  /**
+   * Constructs a AuthenticationEnhancer object.
+   *
+   * @param AuthenticationManagerInterface $manager
+   *   The authentication manager.
+   */
+  function __construct(AuthenticationManagerInterface $manager) {
+    $this->manager = $manager;
   }
 
   /**
@@ -41,7 +47,7 @@ public function enhance(array $defaults, Request $request) {
     if (!empty($auth_provider_triggered)) {
       $route = isset($defaults[RouteObjectInterface::ROUTE_OBJECT]) ? $defaults[RouteObjectInterface::ROUTE_OBJECT] : NULL;
 
-      $auth_providers = ($route && $route->getOption('_auth')) ? $route->getOption('_auth') : array($this->manger->defaultProviderId());
+      $auth_providers = ($route && $route->getOption('_auth')) ? $route->getOption('_auth') : array($this->manager->defaultProviderId());
       // If the request was authenticated with a non-permitted provider,
       // force the user back to anonymous.
       if (!in_array($auth_provider_triggered, $auth_providers)) {