cakephp · LordSimal · Apr 7, 2026 · Apr 7, 2026
diff --git a/docs/en/authenticators.md b/docs/en/authenticators.md
@@ -54,11 +54,10 @@ You can also provide a fully custom identifier configuration if needed:
 ```php
 $service->loadAuthenticator('Authentication.PrimaryKeySession', [
     'identifier' => [
-        'Authentication.Token' => [
-            'tokenField' => 'id',
-            'dataField' => 'key',
-            'resolver' => 'Authentication.Orm',
-        ],
+        'className' => 'Authentication.Token',
+        'tokenField' => 'id',
+        'dataField' => 'key',
+        'resolver' => 'Authentication.Orm',
     ],
 ]);
 ```
@@ -424,10 +423,9 @@ and similar SAML 1.1 implementations. An example configuration is:
 // Configure a token identifier that maps `USER_ID` to the
 // username column
 $identifier = [
-    'Authentication.Token' => [
-        'tokenField' => 'username',
-        'dataField' => 'USER_NAME',
-    ],
+    'className' => 'Authentication.Token',
+    'tokenField' => 'username',
+    'dataField' => 'USER_NAME',
 ];
 
 $service->loadAuthenticator('Authentication.Environment', [
@@ -537,12 +535,9 @@ $service = new AuthenticationService();
 
 // Define identifiers
 $passwordIdentifier = [
-    'Authentication.Password' => [
-        'fields' => [
-            'username' => 'email',
-            'password' => 'password'
-        ]
-    ],
+    'className' => 'Authentication.Password',
+    'username' => 'email',
+    'password' => 'password'
 ];
 
 // Load the authenticators leaving Basic as the last one.

diff --git a/docs/en/identifiers.md b/docs/en/identifiers.md
@@ -6,23 +6,22 @@ using the Password Identifier looks like:
 
 ```php
 $identifier = [
-    'Authentication.Password' => [
-        'fields' => [
-           'username' => 'email',
-           'password' => 'passwd',
-       ],
-       'resolver' => [
-           'className' => 'Authentication.Orm',
-           'userModel' => 'Users',
-           'finder' => 'active', // default: 'all'
-       ],
-       'passwordHasher' => [
-           'className' => 'Authentication.Fallback',
-           'hashers' => [
-                'Authentication.Default' => [
-                    'className' => 'Authentication.Legacy',
-                    'hashType' => 'md5',
-                ],
+    'className' => 'Authentication.Password',
+    'fields' => [
+        'username' => 'email',
+        'password' => 'passwd',
+    ],
+    'resolver' => [
+        'className' => 'Authentication.Orm',
+        'userModel' => 'Users',
+        'finder' => 'active', // default: 'all'
+    ],
+    'passwordHasher' => [
+        'className' => 'Authentication.Fallback',
+        'hashers' => [
+            'Authentication.Default' => [
+                'className' => 'Authentication.Legacy',
+                'hashType' => 'md5',
             ],
         ],
     ],
@@ -121,37 +120,35 @@ Callback identifiers can either return `null|ArrayAccess` for simple results, or
 ```php
 // A simple callback identifier
 $identifier = [
-    'Authentication.Callback' => [
-        'callback' => function($data) {
-            // do identifier logic
-
-            // Return an array of the identified user or null for failure.
-            if ($result) {
-                return $result;
-            }
-
-            return null;
-        },
-    ]
+    'className' => 'Authentication.Callback',
+    'callback' => function($data) {
+        // do identifier logic
+
+        // Return an array of the identified user or null for failure.
+        if ($result) {
+            return $result;
+        }
+
+        return null;
+    },
 ];
 
 // Using a result object to return error messages.
 $identifier = [
-    'Authentication.Callback' => [
-        'callback' => function($data) {
-            // do identifier logic
-
-            if ($result) {
-                return new Result($result, Result::SUCCESS);
-            }
-
-            return new Result(
-                null,
-                Result::FAILURE_OTHER,
-                ['message' => 'Removed user.']
-            );
-        },
-    ],
+    'className' => 'Authentication.Callback',
+    'callback' => function($data) {
+        // do identifier logic
+
+        if ($result) {
+            return new Result($result, Result::SUCCESS);
+        }
+
+        return new Result(
+            null,
+            Result::FAILURE_OTHER,
+            ['message' => 'Removed user.']
+        );
+    },
 ];
 ```
 
@@ -187,13 +184,12 @@ Resolver can be configured using `resolver` config option:
 
 ```php
 $identifier = [
-    'Authentication.Password' => [
-        'resolver' => [
-            // can be a full class name: \Some\Other\Custom\Resolver::class
-            'className' => 'MyResolver',
-            // Pass additional options to the resolver constructor.
-            'option' => 'value',
-        ],
+    'className' => 'Authentication.Password',
+    'resolver' => [
+        // can be a full class name: \Some\Other\Custom\Resolver::class
+        'className' => 'MyResolver',
+        // Pass additional options to the resolver constructor.
+        'option' => 'value',
     ],
 ];
 ```
@@ -203,8 +199,7 @@ Or pass the constructed resolver directly into the identifier configuration:
 ```php
 $resolver = new \App\Identifier\Resolver\CustomResolver();
 $identifier = [
-    'Authentication.Password' => [
-        'resolver' => $resolver,
-    ],
+    'className' => 'Authentication.Password',
+    'resolver' => $resolver,
 ];
 ```
diff --git a/docs/en/index.md b/docs/en/index.md
@@ -102,9 +102,8 @@ public function getAuthenticationService(ServerRequestInterface $request): Authe
     $service->loadAuthenticator('Authentication.Session');
     $service->loadAuthenticator('Authentication.Form', [
         'identifier' => [
-            'Authentication.Password' => [
-                'fields' => $fields,
-            ],
+            'className' => 'Authentication.Password',
+            'fields' => $fields,
         ],
         'fields' => $fields,
         'loginUrl' => Router::url([

diff --git a/docs/en/upgrade-3-to-4.md b/docs/en/upgrade-3-to-4.md
@@ -38,6 +38,17 @@ $authenticator = new FormAuthenticator(null);
 $service->loadAuthenticator('Authentication.Form', [
     'identifier' => 'Authentication.Password',
 ]);
+
+// Option 4: Configure identifier in authenticator config with identifier options
+$service->loadAuthenticator('Authentication.Form', [
+    'identifier' => [
+        'className' => 'Authentication.Password',
+        'fields' => [
+            'username' => 'email',
+            'password' => 'password',
+        ],
+    ],
+]);
 ```
 
 #### AuthenticationService Changes
@@ -62,6 +73,21 @@ $service->loadAuthenticator('Authentication.Form', [
 ]);
 ```
 
+or
+
+```php
+$service = new AuthenticationService();
+$service->loadAuthenticator('Authentication.Form', [
+    'identifier' => [
+        'className' => 'Authentication.Password',
+        'fields' => [
+            'username' => 'email',
+            'password' => 'password',
+        ],
+    ],
+]);
+```
+
 ### CREDENTIAL Constants Moved
 
 The `CREDENTIAL_USERNAME` and `CREDENTIAL_PASSWORD` constants have been