### **Authentication** ### Authentication may be extended the same way as the cache and session facilities. Again, we will use the extend method we have become familiar with: ~~~ <!-- lang: php --> Auth::extend('riak', function($app) { // Return implementation of Illuminate\Auth\UserProviderInterface }); ~~~ The ``UserProviderInterface`` implementations are only responsible for fetching a ``UserInterface`` implementation out of persistent storage system, such as MySQL, Riak, etc. These two interfaces allow the Laravel authentication mechanisms to continue functioning regardless of how the user data is stored or what type of class is used to represent it. Let's take a look at the ``UserProviderInterface``: ~~~ <!-- lang:php --> interface UserProviderInterface { public function retrieveById($identifier); public function retrieveByCredentials(array $credentials); public function validateCredentials(UserInterface $user, array $credentials); } ~~~ The ``retrieveById`` function typically receives a numeric key representing the user, such as an auto-incrementing ID from a MySQL database. The ``UserInterface`` implementation matching the ID should be retrieved and returned by the method. The ``retrieveByCredentials`` method receives the array of credentials passed to the ``Auth::attempt`` method when attempting to sign into an application. The method should then "query" the underlying persistent storage for the user matching those credentials. Typically, this method will run a query with a "where" condition on ``$credentials['username']``. **This method should not attempt to do any password validation or authentication.** The ``validateCredentials`` method should compare the given ``$user`` with the ``$credentials`` to authenticate the user. For example, this method might compare the ``$user->getAuthPassword();`` string to a ``Hash::make`` of ``$credentials['password']``. Now that we have explored each of the methods on the ``UserProviderInterface``, let's take a look at the ``UserInterface``. Remember, the provider should return implementations of this interface from the ``retrieveById`` and ``retrieveByCredentials`` methods: ~~~ <!-- lang:php --> interface UserInterface { public function getAuthIdentifier(); public function getAuthPassword(); } ~~~ This interface is simple. The ``getAuthIdentifier`` method should return the "primary key" of the user. In a MySQL back-end, again, this would be the auto-incrementing primary key. The ``getAuthPassword`` should return the user's hashed password. This interface allows the authentication system to work with any ``User`` class, regardless of what ORM or storage abstraction layer you are using. By default, Laravel includes a ``User`` class in the ``app/models`` directory which implements this interface, so you may consult this class for an implementation example. Finally, once we have implemented the ``UserProviderInterface``, we can ready to register our extension with the ``Auth`` facade: ~~~ <!-- lang:php --> Auth::extend('riak', function($app) { return new RiakUserProvider($app['riak.connection']); }); ~~~ After you have registered the driver with the ``extend`` method, you switch to the new driver in your ``app/config/auth.php`` configuration file.