Skip to content
docsv0.1.0

CredentialVerifier

The producer: turns a raw {@see Credential} into a trusted {@see AuthContext}. This is the seam the whole package is built around — every way of proving identity (a session store, an OAuth provider, an API-key table) is one implementation of this one method. It must be fail-closed: an unrecognised or rejected credential returns {@see AuthContext::invalid()}, never a laxer context, and the raw value never reaches a log or an error on the way.

CredentialVerifier::verify()

abstract public function verify(Milpa\Auth\Credential $credential): Milpa\Auth\AuthContext

Verifies `$credential` and produces the {@see AuthContext} it proves — authenticated on success, {@see AuthContext::invalid()} when the credential is rejected. Never throws the raw credential value into an error.

Parameters

Parameters of verify()
NameTypeDescription
$credentialMilpa\Auth\Credential