CredentialVerifier
The producer: turns a raw {@see Credential} into a trusted {@see AuthContext}. This is the seam the whole package is built around — every way of proving identity (a session store, an OAuth provider, an API-key table) is one implementation of this one method. It must be fail-closed: an unrecognised or rejected credential returns {@see AuthContext::invalid()}, never a laxer context, and the raw value never reaches a log or an error on the way.
CredentialVerifier::verify()
abstract public function verify(Milpa\Auth\Credential $credential): Milpa\Auth\AuthContextVerifies `$credential` and produces the {@see AuthContext} it proves — authenticated on success, {@see AuthContext::invalid()} when the credential is rejected. Never throws the raw credential value into an error.
Parameters
| Name | Type | Description |
|---|---|---|
| $credential | Milpa\Auth\Credential |