Challenge 1 / 1

I've created a custom authenticator and need to check to make sure the user's password is correct. Here is the authenticate() method:

public function authenticate(Request $request): PassportInterface
{
    $email = $request->request->get('email');
    $password = $request->request->get('password');

    return new Passport(
        new UserBadge($email),
        new PasswordCredentials($password)
    );
}

Will this correctly validate the user's password?

Yes. You pass the plain-text submitted password to PasswordCredentials and then you are guaranteed that some other process will check to make sure the password is correct (if it is not, authentication will fail).

Maybe. This is correct, but if your password_hashers configuration is not correct, then nothing will validate the submitted password.

No. This simply passes the plain-text password to PasswordCredentials, but it fails to actually check that it is valid!

Rewatch the video