Laravel - Authentication - The User Provider Contract
Illuminate\Contracts\Auth\UserProvider implementations are responsible for fetching an Illuminate\Contracts\Auth\Authenticatable implementation out of a persistent storage system, such as MySQL, MongoDB, etc. These two interfaces allow the Laravel authentication mechanisms to continue functioning regardless of how the user data is stored or what type of class is used to represent the authenticated user.
Let's take a look at the Illuminate\Contracts\Auth\UserProvider contract:
The retrieveById function typically receives a key representing the user, such as an auto-incrementing ID from a MySQL database. The Authenticatable implementation matching the ID should be retrieved and returned by the method.
The retrieveByToken function retrieves a user by their unique $identifier and "remember me" $token, typically stored in a database column like remember_token. As with the previous method, the Authenticatable implementation with a matching token value should be returned by this method.
The updateRememberToken method updates the $user instance's remember_token with the new $token. A fresh token is assigned to users on a successful "remember me" authentication attempt or when the user is logging out.
The retrieveByCredentials method receives the array of credentials passed to the Auth::attempt method when attempting to authenticate with an application. The method should then "query" the underlying persistent storage for the user matching those credentials. Typically, this method will run a query with a "where" condition that searches for a user record with a "username" matching the value of $credentials['username']. The method should return an implementation of Authenticatable. This method should not attempt to do any password validation or authentication.
The validateCredentials method should compare the given $user with the $credentials to authenticate the user. For example, this method will typically use the Hash::check method to compare the value of $user->getAuthPassword() to the value of $credentials['password']. This method should return true or false indicating whether the password is valid.
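The five methods described above, as an added framework-free example (not Laravel's own code) that shows the split between looking a user up and validating the password. Assumptions: InMemoryUserProvider, DemoUser and the sample record are hypothetical, the classes do not implement the real contracts so the script runs without Laravel (PHP 8.0+), and password_verify stands in for Hash::check.

```php
<?php
// Added example: framework-free sketch of the five provider methods.
// InMemoryUserProvider, DemoUser and the sample record are hypothetical.
final class DemoUser {
    public function __construct(
        public int $id, public string $username,
        public string $passwordHash, public ?string $rememberToken = null) {}
    public function getAuthPassword(): string { return $this->passwordHash; }
}

final class InMemoryUserProvider {
    /** @param array<int, DemoUser> $users keyed by id */
    public function __construct(private array $users) {}

    public function retrieveById($identifier): ?DemoUser {
        return $this->users[$identifier] ?? null;
    }
    public function retrieveByToken($identifier, $token): ?DemoUser {
        $user = $this->retrieveById($identifier);
        $stored = $user?->rememberToken;
        // Constant-time comparison; a null stored token never matches.
        return ($stored !== null && hash_equals($stored, (string) $token)) ? $user : null;
    }
    public function updateRememberToken(DemoUser $user, $token): void {
        $user->rememberToken = $token;
    }
    public function retrieveByCredentials(array $credentials): ?DemoUser {
        // Lookup only: the password is never part of the "where" condition.
        foreach ($this->users as $user) {
            if ($user->username === ($credentials['username'] ?? null)) return $user;
        }
        return null;
    }
    public function validateCredentials(DemoUser $user, array $credentials): bool {
        // password_verify stands in for Hash::check in this sketch.
        return password_verify((string) ($credentials['password'] ?? ''), $user->getAuthPassword());
    }
}

// Constructed sample data.
$provider = new InMemoryUserProvider([1 => new DemoUser(1, 'alice', password_hash('s3cret-demo', PASSWORD_DEFAULT))]);
$creds = ['username' => 'alice', 'password' => 's3cret-demo'];
$user = $provider->retrieveByCredentials($creds);            // step 1: find the user
var_dump($user !== null && $provider->validateCredentials($user, $creds)); // step 2: check password
var_dump($provider->retrieveByToken(1, 'anything'));          // no token stored yet
$provider->updateRememberToken($user, bin2hex(random_bytes(30)));
var_dump($provider->retrieveByToken(1, $user->rememberToken) === $user);
```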