Laravel - Authentication - The User Provider Contract
Illuminate\Contracts\Auth\UserProvider implementations are responsible for fetching an
Illuminate\Contracts\Auth\Authenticatable implementation out of a persistent storage system, such as MySQL, MongoDB, etc. These two interfaces allow the Laravel authentication mechanisms to continue functioning regardless of how the user data is stored or what type of class is used to represent the authenticated user:
Let's take a look at the
retrieveById function typically receives a key representing the user, such as an auto-incrementing ID from a MySQL database. The
Authenticatable implementation matching the ID should be retrieved and returned by the method.
retrieveByToken function retrieves a user by their unique
$identifier and "remember me"
$token, typically stored in a database column like
remember_token. As with the previous method, the
Authenticatable implementation with a matching token value should be returned by this method.
updateRememberToken method updates the
remember_token with the new
$token. A fresh token is assigned to users on a successful "remember me" authentication attempt or when the user is logging out.
retrieveByCredentials method receives the array of credentials passed to the
Auth::attempt method when attempting to authenticate with an application. The method should then "query" the underlying persistent storage for the user matching those credentials. Typically, this method will run a query with a "where" condition that searches for a user record with a "username" matching the value of
$credentials['username']. The method should return an implementation of
Authenticatable. This method should not attempt to do any password validation or authentication.
validateCredentials method should compare the given
$user with the
$credentials to authenticate the user. For example, this method will typically use the
Hash::check method to compare the value of
$user->getAuthPassword() to the value of
$credentials['password']. This method should return
false indicating whether the password is valid.