What is the purpose of retrieveByToken method?

Question

I am implementing custom User Provider in Laravel which implemens Illuminate\Contracts\Auth\UserProvider interface. I am wondering who is using following methods and what is the purpose of the following methods:

• public function retrieveByToken($identifier, $token)
• public function updateRememberToken(Authenticatable $user, $token)
• public function validateCredentials(Authenticatable $user, array $credentials)

at the moment I have those 3 methods empty and App running fine.

For example method description for public function retrieveByToken($identifier, $token) is following: Retrieve a user by their unique identifier and "remember me" token. For me this is confusing. Method name implicitly tells me that method should find a user using token and description tellms that method should find a user by id and token is for some other purpose?

Answer 1

Because this thread comes up when searching google for retrieveByToken, I'll add a current link to the docs that explains what this method is supposed to do. And provide it here:

retrieveByToken

The retrieveByToken function retrieves a user by their unique $identifier and "remember me" $token, typically stored in a database column like remember_token. As with the previous method, the Authenticatable implementation with a matching token value should be returned by this method.

You don't need to implement this method if you aren't using remember me functionality.

To further answer the question the other methods are more obvious in their role:

updateRememberToken

The updateRememberToken method updates the $user instance's remember_token with the new $token. A fresh token is assigned to users on a successful "remember me" authentication attempt or when the user is logging out.

Again, You don't need to implement this method if you aren't using remember me functionality.

validateCredentials

The validateCredentials method should compare the given $user with the $credentials to authenticate the user. For example, this method will typically use the Hash::check method to compare the value of $user->getAuthPassword() to the value of $credentials['password']. This method should return true or false indicating whether the password is valid.

You should be implementing this, not sure how else you are verify passwords?